Special Forums Cybersecurity Configure iptables to allows list of MAC address Post 302527491 by ciupinet on Friday 3rd of June 2011 11:54:27 AM
Use this, assuming you don't have any other iptables configuration:
Code:
iptables -A FORWARD -i eth1 -o eth0 -m mac --mac-source aa:aa:aa:aa:aa:aa -j ACCEPT

For the list of MAC addresses, assuming these are stored in a file line by line (mac_addresses_file), you can use:
Code:
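# Read one MAC per line; quoting "$MAC" keeps a malformed line from being split into extra iptables arguments
while read -r MAC || [ -n "$MAC" ]; do
  [ -n "$MAC" ] || continue   # skip blank lines
  iptables -A FORWARD -i eth0 -o eth1 -m mac --mac-source "$MAC" -j ACCEPT
done < mac_addresses_file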

And then drop the rest of the traffic (if this is what you want):
Code:
iptables -P FORWARD DROP

The lines above will allow the host with MAC aa:aa:aa:aa:aa:aa from Small NW to communicate with the hosts with the MAC addresses from the file from LAN NW and the other way around.

If you want more details, you should give more information regarding the services that the users can access and about the entire network topology.
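
A stricter variant of the loop above, as an added example that is not part of the original post: it validates each line of the allowlist before emitting a rule, so a malformed entry cannot abort the load partway through and leave only some hosts permitted. The function name `gen_mac_rules`, the sample file contents and the print-only behaviour are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): build FORWARD rules from a MAC allowlist.
# Commands are printed, not executed, so they can be reviewed before loading.

MAC_RE='^([0-9a-f]{2}:){5}[0-9a-f]{2}$'

# gen_mac_rules FILE [IN_IF] [OUT_IF]   (hypothetical helper name)
gen_mac_rules() {
  file=$1 in_if=${2:-eth0} out_if=${3:-eth1}
  seen=' ' lineno=0
  while IFS= read -r line || [ -n "$line" ]; do
    lineno=$((lineno + 1))
    # Drop comments, whitespace and CRs; lower-case the hex digits
    mac=$(printf '%s\n' "$line" | sed 's/#.*//' | tr -d ' \t\r' | tr 'A-F' 'a-f')
    [ -n "$mac" ] || continue
    if ! printf '%s\n' "$mac" | grep -Eq "$MAC_RE"; then
      echo "skipping line $lineno: not a MAC address" >&2
      continue
    fi
    case $seen in *" $mac "*) continue ;; esac   # already emitted
    seen="$seen$mac "
    echo "iptables -A FORWARD -i $in_if -o $out_if -m mac --mac-source $mac -j ACCEPT"
  done < "$file"
}

# Constructed sample allowlist (not from the thread)
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# LAN hosts
AA:BB:CC:00:11:22
aa:bb:cc:00:11:22
00:11:22:33:44:5
00:de:ad:be:ef:01   # printer
EOF
gen_mac_rules "$sample" eth0 eth1
```

Load the generated rules before setting `iptables -P FORWARD DROP`. The `mac` match only sees the source address of frames arriving from a directly attached Ethernet segment, and that address can be changed by the sending host.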
 
