
Re: iptables by mac

Pascal Hambourg wrote:

Daniel Givens wrote:
I would like to do it using FORWARD

iptables -A FORWARD -s -m ! 00:0F:EA:91:04:08 -d -p tcp --dport
3128 -j DROP

I want to set this rule to avoid the computer being cloned.
I think using MAC & iptables I can solve this, right?

What do you mean by "cloned"? It is trivial to spoof a MAC address.

Or an IP address on the same ethernet link.

As for your syntax, that looks correct.

I think the -s option expects a source address or address range.

iptables -t nat -A PREROUTING -i eth1 -s <ip> -p tcp -m mac --mac-source ! <mac> -j DROP

This is my conf for restricting my users to the IPs I assign them... it works just fine :)

Adorean Alexandru Raul,
T&C Cibernet
Cluj-Napoca, Romania
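
Added example, not part of any post in this thread: a shell sketch that turns a list of assigned IP/MAC pairs into one DROP rule per pair, printing the rules for review instead of applying them. It uses the FORWARD chain and port 3128 from the original question, eth1 from the rule above, and the newer `! --mac-source` negation placement; as the replies note, both addresses can be forged on the same link, so this catches misconfiguration rather than a deliberate spoofer. The list format, function names and the 192.0.2.x sample addresses are assumptions of this example.

```sh
#!/bin/sh
# Added example: print (do not apply) one DROP rule per IP/MAC binding.
# The "IP MAC" list format and the function names are assumptions.
CHAIN=FORWARD   # chain asked about in the thread
IFACE=eth1      # LAN-side interface, as in the rule above
DPORT=3128      # port from the original question

valid_ip() {    # dotted quad, each octet 0-255
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

valid_mac() {   # six colon-separated hex octets
    echo "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Reads "IP MAC" lines on stdin. Both fields are validated before they are
# placed in a command line, so a hostile list cannot inject shell syntax.
# Returns non-zero if any line was rejected.
gen_rules() {
    rc=0
    while read -r ip mac rest; do
        case "$ip" in ''|'#'*) continue ;; esac
        if [ -n "$rest" ] || ! valid_ip "$ip" || ! valid_mac "$mac"; then
            echo "rejected binding: $ip $mac $rest" >&2
            rc=1
            continue
        fi
        # Drop packets that claim this source IP but come from another MAC.
        echo "iptables -A $CHAIN -i $IFACE -s $ip -p tcp --dport $DPORT" \
             "-m mac ! --mac-source $mac -j DROP"
    done
    return $rc
}

# Constructed sample list: documentation-range IPs; the second MAC is
# deliberately truncated to show the rejection path.
sample_bindings() {
    cat <<'EOF'
# ip         mac
192.0.2.10   00:0F:EA:91:04:08
192.0.2.11   00:0F:EA:91:04
EOF
}

sample_bindings | gen_rules || echo "list contained rejected lines" >&2
```

The mac match only sees packets arriving on an Ethernet interface and is valid in the PREROUTING, FORWARD and INPUT chains.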
