Pascal Hambourg wrote:
> Hello,
>
> Daniel Givens wrote:
> > > I would like to do using FORWARD example
> > > iptables -A FORWARD -s -m ! 00:0F:EA:91:04:08 -d 0.0.0.0/0 -p tcp --dport 3128 -j DROP
> > > I want to set this rule to avoid the computer being cloned. I think using MAC & iptables I can solve this, right?
> > What do you mean by "cloned"? It is trivial to spoof a MAC address.
> Or an IP address on the same Ethernet link.
> [...]
> > As for your syntax, that looks correct.
> I think the -s option expects a source address or address range.

iptables -t nat -A PREROUTING -i eth1 -s <ip> -p tcp -m mac --mac-source ! <mac> -j DROP

This is my conf for restricting my users to the IPs I assign them... it works just fine :)
Adorean Alexandru Raul, T&C Cibernet Cluj-Napoca, Romania
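
Added example, not part of any message in this thread: a small generator that prints (does not apply) FORWARD-chain rules binding each assigned IP to one MAC, written with the negation before --mac-source as current iptables expects. The chain name IPMAC, the interface value and the address table are constructed for illustration; as the thread points out, MAC and IP addresses can both be spoofed, so these rules catch mismatches, not a host that copies both.

```shell
#!/bin/sh
# Emit iptables commands that bind each assigned IP to a single MAC address.
# LAN_IF, the IPMAC chain name and the table below are constructed sample values.
LAN_IF="eth1"

BINDINGS='
192.168.0.10 00:0F:EA:91:04:08
192.168.0.11 00:11:22:33:44:55
192.168.0.12 00:11:22:33:44
'

valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# gen_rules: read "ip mac" pairs on stdin, print iptables commands on stdout.
gen_rules() {
    chain="IPMAC"
    echo "iptables -N $chain"
    while read -r ip mac; do
        [ -z "$ip" ] && continue
        # A malformed entry must never become a rule; report it and move on.
        if ! valid_ip "$ip" || ! valid_mac "$mac"; then
            echo "skipped malformed entry: $ip $mac" >&2
            continue
        fi
        # Assigned IP arriving from any other MAC: drop.
        echo "iptables -A $chain -s $ip -m mac ! --mac-source $mac -j DROP"
        # Assigned IP from its own MAC: hand back to the rest of FORWARD.
        echo "iptables -A $chain -s $ip -j RETURN"
    done
    # Source address with no binding in the table: drop.
    echo "iptables -A $chain -j DROP"
    # Only traffic entering from the LAN interface is checked.
    echo "iptables -A FORWARD -i $LAN_IF -j $chain"
}

printf '%s\n' "$BINDINGS" | gen_rules
```

Review the printed commands before piping them to a shell; the third table entry is deliberately malformed to show that it is skipped.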