MAC SOURCE

Jason Opperisano opie at 817west.com
Mon Jul 11 20:35:32 CEST 2005


On Mon, Jul 11, 2005 at 08:28:07PM +0500, azeem ahmad wrote:
> thanx a lot
> can u explain this rule set in some details

sure:

  # create a new user-defined chain called "check_mac" in the filter
  # table
  iptables -N check_mac

  # append a rule to the "check_mac" chain that returns packets from
  # $MAC1 to the calling chain (where we jumped from)
  iptables -A check_mac -m mac --mac-source $MAC1 -j RETURN

  # append a rule to the "check_mac" chain that returns packets from
  # $MAC2 to the calling chain (where we jumped from)
  iptables -A check_mac -m mac --mac-source $MAC2 -j RETURN

  # a commented-out rule that would log all other packets that are about
  # to get DROP-ed by the rule that comes afterwards
  # iptables -A check_mac -j LOG --log-prefix "INVALID MAC: "

  # drop any packet that makes it to this rule
  iptables -A check_mac -j DROP

  # jump to the check_mac chain from the INPUT chain.  packets that hit
  # the RETURN target in check_mac will come back to INPUT to traverse
  # the remaining rules in INPUT
  iptables -A INPUT -j check_mac

  # jump to the check_mac chain from the FORWARD chain.  packets that hit
  # the RETURN target in check_mac will come back to FORWARD to traverse
  # the remaining rules in FORWARD
  iptables -A FORWARD -j check_mac

-j

--
"Meg: Guess what I am.
 Stewie: Hmm, let me see. The end result of a drunken backseat grope-fest
 and a damaged prophylactic?"
        --Family Guy
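The ruleset above is typed in as a series of iptables calls, which leaves a window where the chain is half-built (for instance, check_mac exists and INPUT jumps to it before the RETURN rules are in place, so everything is dropped). The script below is an added example, not part of the original post or the netfilter project: it builds the same check_mac chain from a whitelist of MAC addresses, validates each address, and emits the result in iptables-restore format so the whole thing is loaded atomically. The MAC addresses are constructed for the example and do not belong to real devices; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): generate the check_mac chain
# described in the thread as an iptables-restore fragment.
# Assumptions: POSIX sh, grep -E available, MACs given as colon-separated hex.

# Constructed sample whitelist (placeholder addresses, not real hosts)
ALLOWED_MACS="00:11:22:33:44:55 aa:bb:cc:dd:ee:ff"

# Return 0 if $1 looks like a MAC address: six colon-separated hex octets.
# iptables would reject a malformed address anyway, but failing here keeps a
# typo from silently breaking an otherwise atomic iptables-restore load.
valid_mac() {
  printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Print an iptables-restore fragment for the filter table that reproduces the
# check_mac chain from the thread.  Invalid entries make the function return 1
# (with a message on stderr) instead of being skipped.
build_check_mac_rules() {
  macs="$1"
  printf '%s\n' '*filter'
  # declare the user-defined chain (policy "-" because user chains have none)
  printf '%s\n' ':check_mac - [0:0]'
  for mac in $macs; do
    if ! valid_mac "$mac"; then
      printf 'invalid MAC address: %s\n' "$mac" >&2
      return 1
    fi
    # RETURN sends the packet back to whichever chain jumped here (INPUT or
    # FORWARD) so it continues through the rules that follow the jump
    printf '%s\n' "-A check_mac -m mac --mac-source $mac -j RETURN"
  done
  # anything not returned above is logged, then dropped
  printf '%s\n' '-A check_mac -j LOG --log-prefix "INVALID MAC: "'
  printf '%s\n' '-A check_mac -j DROP'
  # the mac match only sees a source MAC on packets that arrived on an
  # Ethernet-like interface, so the jump only makes sense from INPUT,
  # FORWARD (or PREROUTING), never from OUTPUT.  The MAC seen is that of the
  # last layer-2 hop: traffic routed in from another subnet carries the
  # router's MAC, not the originating host's.
  printf '%s\n' '-A INPUT -j check_mac'
  printf '%s\n' '-A FORWARD -j check_mac'
  printf '%s\n' 'COMMIT'
}

# usage: check the generated fragment parses, then load it
#   build_check_mac_rules "$ALLOWED_MACS" | iptables-restore --test
#   build_check_mac_rules "$ALLOWED_MACS" | iptables-restore --noflush
```

Two caveats for anyone deploying this. With --noflush, iptables-restore flushes and refills the user chain check_mac but appends a fresh `-j check_mac` to INPUT and FORWARD on every run, so remove the old jumps (or load without --noflush into a fully specified filter table) when re-applying. And the filter is only as strong as the source MAC, which any host on the same segment can set to a whitelisted value; it is an inventory control, not authentication.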
