[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Restricting IP Addresses to MAC addresses

also sprach Omar Al-Siaghi <alsiaghi@mac.com> [2005.01.31.1137 +0100]:
>   I am working for a wireless ISP, and we are using a Debian Router.  
> We use IPtables.rules to set the forwarding and NAT, but I am wondering 
> if there is a way to restrict certian IP addresses to be able to log on 
> from a MAC Address.  In other words, only the given MAC address paired 
> with the IP address can access a network.  What would be the best 
> solution for that.  Thank you all in advance.

Use iptables like this:

  iptables -A FORWARD -j check-macs
  iptables -N check-macs
  iptables -A check-macs -j DROP
  iptables -I check-macs -m mac --mac fe:ed:de:ad:be:ef -s -j RETURN

(written from the top of my head; not checked for syntax)

This is what we do. Be aware, though, that MAC addresses can easily
be changed, at least on Unix systems.

Please do not send copies of list mail to me; I read the list!
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, user, and author
`. `'`
  `-  Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!

Attachment: signature.asc
Description: Digital signature

Reply to: