Thread: How to Filter Mac Address Using Iptables ?

  1. #1
    Join Date
    Nov 2008
    Posts
    45

    How to Filter Mac Address Using Iptables ?

    Hello, I just have a little query related to iptables. I just want to ask: can we filter MAC addresses using iptables on a WAN or a LAN environment? Suppose a client is behind 2 routers to connect to my Linux box; can I get his MAC address? Because based on experience the MAC address that will register in iptables is the MAC address of the last router the client used to connect to me. Thank you in advance.

  2. #2
    Join Date
    Feb 2008
    Posts
    2,635

    Re: How to Filter Mac Address Using Iptables ?

    Hello, sometimes it is necessary to filter addresses using the MAC address. A MAC address, an acronym for media access control address, is a unique address assigned to almost all networking hardware such as Ethernet cards, routers, etc. Iptables comes with a MAC module. This matches packets traveling through the firewall based on their MAC (Ethernet hardware) address. It offers good protection against malicious users who spoof or change their IP address. Remember that MAC filtering only makes sense for packets coming from an Ethernet device and entering the chains:

    • PREROUTING
    • FORWARD
    • INPUT


    • iptables blocking with MAC address
      Drop all connections coming from MAC address 00:0F:EA:91:04:08 (add the command to your firewall script)
      • iptables -A INPUT -m mac --mac-source 00:0F:EA:91:04:08 -j DROP

    • iptables allowing with MAC address
      Allow port 22 for MAC address 00:0F:EA:91:04:07
      • iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source 00:0F:EA:91:04:07 -j ACCEPT

  3. #3
    Join Date
    Jan 2006
    Posts
    3,792

    Re: How to Filter Mac Address Using Iptables ?

    Hello, here are sample iptables lines to filter out a host based on MAC address using the currently in-place proxy server or Linux proxy gateway. Make sure you insert them in one of your existing iptables INPUT chains, like so:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    # iptables -A INPUT -m mac --mac-source 00:02:A5:EC:00:8B -j DROP

    Alternatively,

    # -A RH-Firewall-1-INPUT -m mac --mac-source 00:02:A5:EC:00:8B -j DROP

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    The command above would block a host with MAC Address 00:02:A5:EC:00:8B regardless of current IP address and packet/port source and destinations.

  4. #4
    Join Date
    Jan 2006
    Posts
    4,221

    Re: How to Filter Mac Address Using Iptables ?

    Hello, if they are behind the router, the packet received by the server would not have the client's MAC but the router's MAC; so you cannot distinguish people behind the router by the MAC address.
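
Added example, not part of any post in this thread: the port 22 ACCEPT rule from reply #2 only restricts access when a DROP follows it, so this sketch validates each MAC and prints an ordered allowlist (ACCEPT entries, then DROP) for review before it is run as root. The chain name `SSH_MAC` and the function names are hypothetical; as reply #4 explains, the match sees only the last Ethernet hop, so it is meaningful only for hosts on the same LAN segment.

```shell
#!/bin/sh
# Added example: print iptables commands that allow tcp/22 only from the
# given source MACs. Nothing is applied; review the output, then run it as root.
# SSH_MAC is a hypothetical chain name chosen for this example.

# Return 0 only if $1 is six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the rule set for the MACs passed as arguments.
# Fails before printing anything if the list is empty or any MAC is malformed,
# so a typo can never yield a half-built chain.
ssh_mac_rules() {
    [ "$#" -gt 0 ] || { echo "no MAC addresses given" >&2; return 1; }
    for mac in "$@"; do
        valid_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    done

    echo 'iptables -N SSH_MAC'
    for mac in "$@"; do
        # Normalise to upper case so duplicates are easy to spot in review.
        mac=$(printf '%s' "$mac" | tr 'a-f' 'A-F')
        echo "iptables -A SSH_MAC -m mac --mac-source $mac -j ACCEPT"
    done
    # Anything that reached the chain without matching an allowed MAC is dropped.
    echo 'iptables -A SSH_MAC -j DROP'
    # Hook the chain into INPUT last, once it is fully populated.
    echo 'iptables -A INPUT -p tcp --destination-port 22 -j SSH_MAC'
}

# Sample run using the MAC address from reply #2.
ssh_mac_rules 00:0F:EA:91:04:07
```

Because the jump from INPUT is printed last, SSH traffic is never sent into a partly built chain while the commands are being applied.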
