Allowing access only some sites - only some mac address

Grant Taylor gtaylor at riverviewtech.net
Tue Aug 30 04:27:51 CEST 2005


Sebastião Antônio Campos (GWA) wrote:
> I have a list of the mac address 00:0c:6E:11:E8:B0, 00:D8:02:D8:C8:DF,
> 00:E7:05:C9:07:EA............ and I'd like that only these mac address
> could access only the following IP: 200.221.2.128, 200.221.2.129,
> 200.221.2.130, 200.221.2.131, 200.205.144.75, 200.205.144.76. But the other
> mac address could access everything.

I would be tempted to do something like the following:

# Create a new chain to put the allowed sites in for filtered MACs.
iptables -t filter -N MACFilteredSites

# Watch for a specific MAC address and jump to said chain on matches.
iptables -t filter -A FORWARD -i ${LAN} -o ${INet} -m mac --mac-source 00:0c:6E:11:E8:B0 -j MACFilteredSites
iptables -t filter -A FORWARD -i ${LAN} -o ${INet} -m mac --mac-source 00:D8:02:D8:C8:DF -j MACFilteredSites
iptables -t filter -A FORWARD -i ${LAN} -o ${INet} -m mac --mac-source 00:E7:05:C9:07:EA -j MACFilteredSites

# Only allow the filtered MACs to go to these sites (IP addresses).
# Note:  We do not need to test for -i and -o interfaces b/c we tested for this before we got to this chain.
iptables -t filter -A MACFilteredSites -d 200.221.2.128 -j RETURN
iptables -t filter -A MACFilteredSites -d 200.221.2.129 -j RETURN
iptables -t filter -A MACFilteredSites -d 200.221.2.130 -j RETURN
iptables -t filter -A MACFilteredSites -d 200.221.2.131 -j RETURN
iptables -t filter -A MACFilteredSites -d 200.205.144.75 -j RETURN
iptables -t filter -A MACFilteredSites -d 200.205.144.76 -j RETURN
iptables -t filter -A MACFilteredSites -j LOG
iptables -t filter -A MACFilteredSites -j DROP



Grant. . . .


