Solved

Dynamically Block or Unblock a user’s MAC Address

Posted on 2010-11-27
855 Views
Last Modified: 2012-05-10
Hi:

I would like to be able to dynamically (i) block a specific user's machine (MAC address) from being able to access the internet via a Gate Keeper Machine (GKM) and (ii) allow them through again. Also, while this action is being done, I would like there to be no disruption to the other users that are currently surfing (e.g. watching YouTube, sending and receiving e-mail, etc.).

My two Questions are:
(i) What is the technical name or classification of this system, so that I would know in future?
(ii) Most importantly: what are the applications etc. that I would need to set up this system (GKM)?

GKM Details:
CentOS 5.5 with 1GB of RAM, two (2) NICs (one for the users (LAN switch), the other for an ADSL router), AMD Athlon II X2 250 Regor 3.0 GHz dual-core CPU; hard drive space: 200GB

My Abilities:
New to setting up a router; squid; iptables; GKM.
Can program in Java and Perl, but prefer Java; working knowledge of MySQL.

Note:  Since I am new to this area, I may need some help with the configuration of the recommended solution when I am stumped.
Question by:Hope4U
Accepted Solution

by:
Blaz earned 500 total points
ID: 34222132
There might be some special name for what you intend to be doing, but filtering network traffic according to specific rules (allowing or disallowing one IP or MAC address, service (port) etc.) is called firewalling.

On Linux systems firewalling is done with iptables (as part of the kernel), and rules can be added/deleted/viewed with the utility /sbin/iptables.

There are several pages describing iptables behaviour and you should start with them:
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables - Quick HOWTO
http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html   - official HOWTO
http://www.cyberciti.biz/tips/iptables-mac-address-filtering.html   - mac filtering

I'll give you some hints to speed up the learning process:
In CentOS, iptables rules (that are loaded after every reboot) are stored in /etc/sysconfig/iptables.
For what you are doing you should be looking at the FORWARD chain of the iptables filter table (this chain processes every forwarded network packet).
I suggest you create a designated chain for your needs and jump to it as the first rule in the FORWARD chain:
  iptables -N CHECK_MAC
  iptables -I FORWARD -j CHECK_MAC
  iptables -A CHECK_MAC -j RETURN

Then you can block specific MAC address with:
iptables -A CHECK_MAC -m mac --mac-source 00:0F:EA:91:04:08 -j DROP

And unblock with:
iptables -D CHECK_MAC -m mac --mac-source 00:0F:EA:91:04:08 -j DROP

Author Comment

by:Hope4U
ID: 34222191
Based on your experience:
(i) Would this method immediately block or unblock a user?
(ii) Would I have to restart a service or reboot the system?
(iii) Would it allow for the non-disruption of the other users?
Expert Comment

by:Blaz
ID: 34222359
1. Yes, this method immediately blocks a user.
2. No restart of any service is necessary. The command is effective immediately.
3. Other users will not notice any change.

Assisted Solution

by:Blaz
Blaz earned 500 total points
ID: 34222363
I just noticed a typo in my first response:

The command to block a user should be:
iptables -I CHECK_MAC -m mac --mac-source 00:0F:EA:91:04:08 -j DROP

Notice the -A (append) versus -I (insert). The wrong one adds the rule at the end of the chain and is therefore never reached. The right one inserts the rule at the beginning of the chain.

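Putting the accepted answer and Blaz's -A/-I correction together, the following is an added example script; it is not code from the question or from Blaz's posts. It wraps the CHECK_MAC chain in block, unblock and list operations, validates the MAC before it reaches the iptables command line (so a value coming from a Java program or web form cannot smuggle extra arguments in via word splitting), inserts the DROP with -I so it lands ahead of the trailing RETURN, and is idempotent so it can be called on every boot or before every change. The script name, the IPT hook (set IPT="echo iptables" to dry-run without root) and the constructed MAC values are assumptions; the chain name and rule form are the ones from the answer. Because the iptables shipped with CentOS 5 predates the -C (check) option, existing rules are detected by scanning -L output instead.

```shell
#!/bin/sh
# macblock.sh - added example (not code from the question or from Blaz's answer).
# Wraps the CHECK_MAC chain design from the accepted answer, with Blaz's
# correction applied (-I, not -A, so the DROP lands ahead of the RETURN).
# Assumptions: iptables on the gateway, run as root; IPT is a hook so the
# script can be dry-run without root (IPT="echo iptables" just prints).
set -eu

IPT=${IPT:-iptables}
CHAIN=CHECK_MAC

# Accept only aa:bb:cc:dd:ee:ff (either case). Anything else is rejected
# before it can reach the iptables command line as extra arguments.
valid_mac() {
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Match/target part of the rule. Block and unblock use the same spec so
# that -D removes exactly what -I inserted.
rule_spec() {
    printf '%s' "-m mac --mac-source $1 -j DROP"
}

# Create the chain once and hook it in as the first FORWARD rule.
# Idempotent, so it is safe to call before every block/unblock.
# (CentOS 5's iptables predates -C, so existing rules are found in -L output.)
ensure_chain() {
    $IPT -N "$CHAIN" 2>/dev/null || true
    $IPT -L FORWARD -n 2>/dev/null | grep -q "^$CHAIN " \
        || $IPT -I FORWARD -j "$CHAIN"
}

# Insert a DROP for one source MAC at the top of CHECK_MAC.
# Returns 0 on success (or if already blocked), 2 on a malformed MAC.
block_mac() {
    mac=$1
    valid_mac "$mac" || { echo "block_mac: bad MAC '$mac'" >&2; return 2; }
    ensure_chain
    # -L -n prints an existing mac match as "MAC xx:xx:xx:xx:xx:xx".
    if $IPT -L "$CHAIN" -n 2>/dev/null | grep -iq "MAC $mac"; then
        return 0
    fi
    $IPT -I "$CHAIN" $(rule_spec "$mac")
}

# Remove the DROP for one source MAC. Returns 2 on a malformed MAC;
# otherwise iptables' own status (non-zero if no such rule existed).
unblock_mac() {
    mac=$1
    valid_mac "$mac" || { echo "unblock_mac: bad MAC '$mac'" >&2; return 2; }
    $IPT -D "$CHAIN" $(rule_spec "$mac")
}

# Print the MACs currently blocked (last field of each MAC line in -L output).
list_blocked() {
    $IPT -L "$CHAIN" -n 2>/dev/null | awk '/ MAC /{print $NF}'
}

# CLI: macblock.sh block|unblock|list [MAC]. With no arguments it does
# nothing, so the file can also be sourced for its functions.
case ${1:-} in
    block)   block_mac "${2:?MAC required}" ;;
    unblock) unblock_mac "${2:?MAC required}" ;;
    list)    list_blocked ;;
    "")      ;;
    *)       echo "usage: $0 block|unblock|list [MAC]" >&2; exit 2 ;;
esac
```

Rules added this way take effect on the next packet and vanish on reboot; on CentOS, `service iptables save` writes the running rules to /etc/sysconfig/iptables so the chain comes back after a restart. Two caveats for a gatekeeper design: the mac match only sees the source address of frames that arrive directly from the LAN-side NIC, and a MAC address is trivially changed by the user, so treat this as a convenience control rather than a strong access control, and keep a log of what was blocked and when so changes can be audited.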