iptables

I need an example of how to make a rule with an IP and MAC address on iptables for Linux.
CyberGod Asked:
 
BlackDiamond Commented:
iptables -A INPUT -s 2.3.4.0/24 -m mac --mac-source 00:11:22:33:44:55 -j ACCEPT
0
 
CyberGod (Author) Commented:
Can you be more specific about this -m mac --mac-source
0
 
ahoffmann Commented:
Does
   man iptables
not give you the answer?
0

 
BlackDiamond Commented:
CyberGod,
"-m mac" tells iptables that you want to use the built-in mac module, and that module has the --mac-source parameter.  The rule that I showed above would accept anything originating from the 2.3.4.0 subnet that was routed through an interface in the same broadcast domain (on the same subnet) with mac 00:11:22:33:44:55.

As ahoffmann stated, "man iptables" will show you all of these options.
0
 
CyberGod (Author) Commented:
iptables -A INPUT -s 2.3.4.5/32 -m mac --mac-source 00:11:22:33:44:55 -j ACCEPT

Does this mean that I can accept packets from a NIC with IP 2.3.4.5 and MAC 00:11:22:33:44:55? (yes/no)
0
 
BlackDiamond Commented:
CyberGod, that is correct.  But keep in mind that if you have more than one subnet, then you will need to use IP ranges combined with the MAC of your router interface.  This is because MAC addresses are seen in the same broadcast domain, so you will see the MAC address of the last device to touch the packet (which would be your router).
0
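As an added example (not code from the thread or from any of its posters), here is a small POSIX shell script that assembles the rule BlackDiamond gave, checks the IP/subnet and MAC formats before building it, and prints the rule instead of installing it, so it runs without root. It also covers the multi-subnet case described above by pairing a remote subnet with the MAC of the router interface that forwards its traffic. The function names, the optional ACCEPT/DROP target argument and the sample values 10.9.8.0/24 and aa:bb:cc:dd:ee:ff are my own, not from the thread.

```shell
#!/bin/sh
# Added example, not from the original thread: build iptables INPUT rules that
# match a source IP (host or subnet) together with a source MAC, validating
# both inputs and printing the finished rule instead of installing it, so it
# runs without root. The remote subnet and router MAC below are constructed.

# valid_mac MAC: succeed if MAC looks like aa:bb:cc:dd:ee:ff (any case).
valid_mac() {
    printf '%s' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# valid_ipv4 ADDR[/PREFIX]: dotted quad, octets 0-255, optional prefix 0-32.
valid_ipv4() {
    addr=${1%%/*}
    if [ "$addr" != "$1" ]; then
        prefix=${1#*/}
        case $prefix in ''|*[!0-9]*) return 1 ;; esac
        [ "$prefix" -le 32 ] || return 1
    fi
    printf '%s' "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s' "$addr" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ip_mac_rule ADDR[/PREFIX] MAC [TARGET]: print an INPUT rule that accepts
# (or, with TARGET=DROP, drops) frames whose IP source and Ethernet source
# both match. Prints nothing on stdout and returns 1 if an argument is bad.
ip_mac_rule() {
    target=${3:-ACCEPT}
    valid_ipv4 "$1" || { echo "bad IPv4 address/subnet: $1" >&2; return 1; }
    valid_mac "$2"  || { echo "bad MAC address: $2" >&2; return 1; }
    case $target in
        ACCEPT|DROP) ;;
        *) echo "bad target: $target" >&2; return 1 ;;
    esac
    printf 'iptables -A INPUT -s %s -m mac --mac-source %s -j %s\n' \
        "$1" "$2" "$target"
}

# The two situations discussed in the thread:
# 1. a host on our own subnet, matched by its own NIC's MAC;
# 2. a subnet behind a router, which must be matched by the router
#    interface's MAC, because the router is the last device to touch the
#    frame before it reaches this machine (constructed sample values).
ip_mac_rule 2.3.4.5/32  00:11:22:33:44:55
ip_mac_rule 10.9.8.0/24 aa:bb:cc:dd:ee:ff
```

Review the printed rules and then pipe the script's output into sh (as root) to apply them. The mac match is only usable in the PREROUTING, FORWARD and INPUT chains, because an outgoing packet has no source MAC at the point where OUTPUT and POSTROUTING are evaluated.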
 
ahoffmann Commented:
BTW, it would be nice to see what happens with such an iptables configuration with clients coming from a Token Ring network (where you need to set the MAC).
0