Re: iptables by mac
Pascal Hambourg wrote:
iptables -t nat -A PREROUTING -i eth1 -s <ip> -p tcp -m mac
--mac-source ! <mac> -j DROP
Daniel Givens a écrit :
i would like to do using FORWARD
iptables -A FORWARD -s -m ! 00:0F:EA:91:04:08 -d 0.0.0.0/0 -p tcp
3128 -j DROP
i want to set this rule to avoid the computer being cloned
i think using mac & iptables i can solve this rigth ?
What do you mean by "cloned". It is trivial to spoof a mac address.
Or an IP address on the same ethernet link.
As for your syntax, that looks correct.
I think the -s option expects a source address or address range.
This my conf for restricting my users to the ip's i asign them... it
works just fine :)
Adorean Alexandru Raul,