IP and MAC Address check
Rob Sterenborg
rob at sterenborg.info
Wed Oct 5 10:11:30 CEST 2005
On Wed, October 5, 2005 09:52, Winanjaya - PBXSoftwares wrote:
>> ...[rules]...
>> # If the source IP is in 172.16.2.240/29, jump to a user defined chain.
>> $ipt -A INPUT -s 172.16.2.240/29 -j MAC-CHECK
>> ...[other rules]...
>>
>> # User defined chain.
>> # RETURN to built-in chain INPUT if the MAC address matches
>> # Otherwise, DROP the packet
>>
>> $ipt -N MAC-CHECK
>> $ipt -A MAC-CHECK -m mac --mac-source 00:12:95:6d:0a:3e -j RETURN
>> $ipt -A MAC-CHECK -m mac --mac-source 00:12:95:15:61:14 -j RETURN
>> $ipt -A MAC-CHECK -m mac --mac-source 00:12:95:15:62:29 -j RETURN
>> $ipt -A MAC-CHECK -m mac --mac-source 00:12:95:15:63:ba -j RETURN
>> $ipt -A MAC-CHECK -j DROP
>
> I tried it .. but all traffic 172.16.2.240/29 will be dropped
> although it has valid Mac Address.. could you please advise ..what
> should I check?

As /dev/rob0 mentioned: are you sure that the PCs that you want to
check the MAC address of are on the same physical Ethernet segment?
If not, then you won't be able to match the MAC address.
You may want to check with this:

$ipt -A MAC-CHECK -m mac --mac-source 00:12:95:6d:0a:3e -j LOG \
--log-prefix "MAC1: "
$ipt -A MAC-CHECK -m mac --mac-source 00:12:95:6d:0a:3e -j RETURN
$ipt -A MAC-CHECK -m mac --mac-source 00:12:95:15:61:14 -j LOG \
--log-prefix "MAC2: "
$ipt -A MAC-CHECK -m mac --mac-source 00:12:95:15:61:14 -j RETURN
$ipt -A MAC-CHECK -m mac --mac-source 00:12:95:15:62:29 -j LOG \
--log-prefix "MAC3: "
$ipt -A MAC-CHECK -m mac --mac-source 00:12:95:15:62:29 -j RETURN
$ipt -A MAC-CHECK -m mac --mac-source 00:12:95:15:63:ba -j LOG \
--log-prefix "MAC4: "
$ipt -A MAC-CHECK -m mac --mac-source 00:12:95:15:63:ba -j RETURN
See if you get any logging. If not, the MAC addresses do not match.
Gr,
Rob
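
Added example, not part of the original post: a shell sketch that reads the source MAC out of iptables LOG lines and compares it with the MAC-CHECK allowlist, to show which MAC the firewall actually sees for each source IP. It assumes a catch-all LOG rule with the made-up prefix "MAC-DROP: " placed just before the final DROP; the log lines, the non-allowlisted MACs and the function names are constructed for illustration.

```shell
#!/bin/sh
# Allowlist copied from the MAC-CHECK chain in the thread.
ALLOWED="00:12:95:6d:0a:3e 00:12:95:15:61:14 00:12:95:15:62:29 00:12:95:15:63:ba"

# Constructed sample kernel log lines (not from the thread). "MAC-DROP: " is an
# assumed prefix from a catch-all LOG rule added just before the final DROP:
#   $ipt -A MAC-CHECK -j LOG --log-prefix "MAC-DROP: "
SAMPLE_LOG='Oct  5 10:20:01 fw kernel: MAC1: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:12:95:6d:0a:3e:08:00 SRC=172.16.2.241 DST=172.16.2.1 LEN=60 PROTO=TCP SPT=40000 DPT=22
Oct  5 10:20:07 fw kernel: MAC-DROP: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:0d:bc:11:22:33:08:00 SRC=172.16.2.242 DST=172.16.2.1 LEN=60 PROTO=TCP SPT=40001 DPT=22
Oct  5 10:20:09 fw kernel: MAC-DROP: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:0d:bc:11:22:33:08:00 SRC=172.16.2.243 DST=172.16.2.1 LEN=60 PROTO=TCP SPT=40002 DPT=22'

# Print the source MAC of one LOG line. On Ethernet the MAC= field is
# destination (6 bytes), source (6 bytes), EtherType (2 bytes).
src_mac() {
    printf '%s\n' "$1" | sed -n 's/.* MAC=\([0-9a-fA-F:]*\) .*/\1/p' |
        cut -d: -f7-12 | tr 'A-F' 'a-f'
}

# Print "source-IP source-MAC verdict" for every logged packet.
report() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        mac=$(src_mac "$line")
        [ -n "$mac" ] || continue          # no usable MAC= field on this line
        ip=$(printf '%s\n' "$line" | sed -n 's/.* SRC=\([0-9.]*\) .*/\1/p')
        case " $ALLOWED " in
            *" $mac "*) verdict=allowed ;;
            *)          verdict=not-in-list ;;
        esac
        printf '%s %s %s\n' "$ip" "$mac" "$verdict"
    done
}

# List unlisted MACs that carry more than one distinct source IP. That pattern
# suggests a router between the hosts and the firewall, so the hosts' own
# MAC addresses never reach the MAC-CHECK chain.
shared_macs() {
    report "$1" | awk '$3 == "not-in-list" && !seen[$1 FS $2]++ { n[$2]++ }
                       END { for (m in n) if (n[m] > 1) print m }'
}

report "$SAMPLE_LOG"
```

On a live firewall the same functions can be fed the kernel log text instead of SAMPLE_LOG.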