MAC SOURCE
Jason Opperisano
opie at 817west.com
Mon Jul 11 20:35:32 CEST 2005
On Mon, Jul 11, 2005 at 08:28:07PM +0500, azeem ahmad wrote:
> Thanks a lot.
> Can you explain this rule set in some detail?
sure:
# create a new user-defined chain called "check_mac" in the filter
# table
iptables -N check_mac
# append a rule to the "check_mac" chain that returns packets from
# $MAC1 to the calling chain (where we jumped from)
iptables -A check_mac -m mac --mac-source $MAC1 -j RETURN
# append a rule to the "check_mac" chain that returns packets from
# $MAC2 to the calling chain (where we jumped from)
iptables -A check_mac -m mac --mac-source $MAC2 -j RETURN
# a commented-out rule that would log all other packets that are about
# to get DROP-ed by the rule that comes afterwards (LOG is non-terminating)
# iptables -A check_mac -j LOG --log-prefix "INVALID MAC: "
# drop any packet that makes it to this rule
iptables -A check_mac -j DROP
# jump to the check_mac chain from the INPUT chain. packets that hit
# the RETURN target in check_mac will come back to INPUT to traverse
# the remaining rules in INPUT
iptables -A INPUT -j check_mac
# jump to the check_mac chain from the FORWARD chain. packets that hit
# the RETURN target in check_mac will come back to FORWARD to traverse
# the remaining rules in FORWARD
iptables -A FORWARD -j check_mac
-j
--
"Meg: Guess what I am.
Stewie: Hmm, let me see. The end result of a drunken backseat grope-fest
and a damaged prophylactic?"
--Family Guy
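To make the jump/RETURN flow concrete, here is a small simulation of netfilter chain traversal over the check_mac rule set; it is an added illustration, not code from Jason's mail or from iptables, and it assumes two constructed MAC addresses, an extra INPUT rule accepting port 22 and a DROP policy on INPUT.

```python
# Minimal simulation of netfilter chain traversal for the check_mac ruleset.
# Added illustration only; MAC addresses, the port-22 rule and the INPUT
# policy are constructed for this example.

MAC1 = "00:11:22:33:44:55"   # constructed sample address
MAC2 = "66:77:88:99:aa:bb"   # constructed sample address

# A rule is (match, target); match is a predicate over the packet, or None
# for "match everything". Targets: RETURN, DROP, ACCEPT, LOG or a chain name.
CHAINS = {
    "check_mac": [
        (lambda p: p["mac"] == MAC1, "RETURN"),
        (lambda p: p["mac"] == MAC2, "RETURN"),
        (None, "LOG"),          # the commented-out LOG rule, enabled here
        (None, "DROP"),
    ],
    "INPUT": [
        (None, "check_mac"),                       # iptables -A INPUT -j check_mac
        (lambda p: p["dport"] == 22, "ACCEPT"),    # assumed later INPUT rule
    ],
}
POLICY = {"INPUT": "DROP"}   # assumed default policy of the built-in chain

def traverse(chain, packet, log):
    """Walk one chain; return a verdict, or None when the chain falls off
    its end or hits RETURN (a user chain then goes back to its caller)."""
    for match, target in CHAINS[chain]:
        if match is not None and not match(packet):
            continue
        if target == "LOG":               # non-terminating: record, keep going
            log.append(f"INVALID MAC: {packet['mac']}")
            continue
        if target == "RETURN":
            return None                   # resume at the rule after the jump
        if target in ("ACCEPT", "DROP"):
            return target                 # terminating verdict
        verdict = traverse(target, packet, log)   # jump into a user chain
        if verdict is not None:
            return verdict                # DROP/ACCEPT inside propagates out
    return None

def filter_packet(mac, dport, chain="INPUT"):
    """Return (verdict, log lines) for a packet entering a built-in chain;
    falling off the end of a built-in chain applies its policy."""
    log = []
    verdict = traverse(chain, {"mac": mac, "dport": dport}, log)
    return (verdict if verdict is not None else POLICY[chain], log)
```

A packet from $MAC1 to port 22 RETURNs out of check_mac and is accepted by the later INPUT rule, while one from an unlisted address is logged and dropped before ever reaching that rule.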