Solved

Only Allowing Access From Specific MAC Addresses

Posted on 2002-03-20
15
262 Views
Last Modified: 2013-12-15
Is the a way of configuring a Linux box to only allow connections from specific MAC addresses in much the same way as the hosts.allow / hosts.deny does for IP addresses?
0
Comment
Question by:comahony
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
15 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6884857
AFAIK not by using a simple config file (like /etc/hosts.allow), but iptables can do:

iptables -A INPUT -s 2.3.4.0/24 -m mac --mac-source 00:11:22:33:44:55 -j ACCEPT
0
 

Author Comment

by:comahony
ID: 6885209
Im running RedHat 7.2 I dont seem to have an iptables command what should i use
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6885307
Go with iptables, anything else (except comercial software, if available) drives you crazy 'til the hard work is done.
If you still have a 2.4 kernel, simply install the iptables package, otherwise I suggest to upgrade to 2.4
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:comahony
ID: 6885422
ok i ran that command and added my own desktops mac address but people from other mac addresses can still access the box how do I deny access to them?
0
 

Author Comment

by:comahony
ID: 6885442
by the way what does the 2.3.4.0/24 mean?
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 300 total points
ID: 6885486
oops, just this command used literaly won't work.
Did not not that you're unfamilar with IP, Firewalls etc. sorry.

Use following 3 commands:
iptables -F INPUT
iptables -P INPUT ACCEPT
iptables -A INPUT -s 0.0.0.0 -m mac --mac-source 00:11:22:33:44:55 -j DROP


Keep in mind that you have to replace 00:11:22:33:44:55 by the mac in question.
0.0.0.0 in the last iptables command means that this rule should match any source IP address. When you use 2.3.4.0/24, then this rule only aplies if the source IP is in the range 2.3.4.1 .. 2.3.4.254.
You may add as man rules with different MACs as you like.
0
 

Author Comment

by:comahony
ID: 6885509
ok how do i delete that orignal thing i put in from the  
iptables -A INPUT -s 2.3.4.0/24 -m mac --mac-source 00:11:22:33:44:55 -j ACCEPT
0
 

Author Comment

by:comahony
ID: 6885519
ok how do i delete that orignal thing i put in from the  
iptables -A INPUT -s 2.3.4.0/24 -m mac --mac-source 00:11:22:33:44:55 -j ACCEPT
0
 

Author Comment

by:comahony
ID: 6885579
i've done that but the box still accepts conntections from any  mac address
0
 

Author Comment

by:comahony
ID: 6885589
i've done that but the box still accepts conntections from any  mac address
0
 
LVL 5

Expert Comment

by:Mishou
ID: 6910811
You have them typed in the wrong order

iptables -F INPUT
will flush the INPUT chain

iptables -P INPUT DENY
will set the default for INPUT chain to be DENY

iptables -A INPUT -s 0.0.0.0 -m mac --mac-source 00:11:22:33:44:55 -j ACCEPT
will Add a new rule to your INPUT policy that specify to accept traffic only from that specific MAC address

Mishou
0
 

Expert Comment

by:CleanupPing
ID: 9077049
comahony:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 9077324
IMHO my suggestion works
0
 
LVL 1

Expert Comment

by:drewber
ID: 9220291
This question has been classified abandoned. I will make a recommendation to the moderators on its resolution in a week or two. I appreciate any comments that would help me to make a recommendation.
 

Unless it is clear to me that the question has been answered I will recommend delete. It is possible that a Grade less than A will be given if no expert makes a case for an A grade. It is assumed that any participant not responding to this request is no longer interested in its final disposition.

 
If the user does not know how to close the question, the options are here:
http://www.experts-exchange.com/help/closing.jsp
 
drewber
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
bash file 10 64
SUSE Linux Enterprise 11.x Ensure tftp server is not enabled 1 64
sed/awk/tail: how to read 3'de last line 4 40
IMAP copying tool 14 45
How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question