Thread: IPtables - IP & MAC combined rule to define internet access

Hi,
This is what i'm thinking of. i would like to deny everyone's access to use my internet facility. The i would like to give them access one by one through IP and MAC binding.

can anyone pls enlighten me about this?

Originally Posted by Tawfiq

i would like to deny everyone's access to use my internet facility. The i would like to give them access one by one through IP and MAC binding.

If you got the idea from looking at how a Wireless AP's DHCPd allows you to allow/deny MAC/IP pairs then simply put for wired machines MAC addressing only works inside the LAN, not beyond. Of course you could use a DHCPd to deny certain MAC addresses from getting a lease in the first place.

I'm adding little bit to unSpawn post, just deny everything using iptables and allow access to certain IPs or Mac:

Code:

#!/bin/sh
IPT="/sbin/iptables"
MACS="00:0F:EA:91:04:08 00:0F:EA:91:03:08 00:0F:EA:91:04:09"
IPS="192.168.1.2 202.54.1.2"

$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT

echo "Allowing Mac Addresses..."
for m in $MACS
do
    $IPT -A INPUT -m mac --mac-source ${m} -j ACCEPT
done


echo "Allowing IP Addresses..."
for i in $IPS
do
    $IPT -A INPUT -p tcp -s ${i} -j ACCEPT
done

Iptables mac address filtering