Iptables MAC address filtering
Sometimes it is necessary to filter traffic by MAC address rather than by IP address. A MAC address (media access control address) is a hardware address assigned to almost all networking hardware such as Ethernet cards and routers, and it is meant to be unique per interface (see "MAC address" on Wikipedia for more information).
Iptables comes with a MAC match module (-m mac). It matches packets traveling through the firewall by their source MAC (Ethernet hardware) address; the module offers only --mac-source, there is no destination match. It adds a useful second check against a user on your local network who changes their IP address, but it is not authentication: a MAC address is as easy to change as an IP address (ifconfig eth0 hw ether ... or ip link set dev eth0 address ...), so a whitelisted MAC can be cloned by anyone who learns it. Remember too that the source MAC survives only one hop: a packet that reached you through a router carries the router's MAC, not the original sender's. MAC filtering therefore only makes sense for packets coming from an Ethernet device on the local network segment and entering the chains:
- PREROUTING
- FORWARD
- INPUT
iptables: blocking with a MAC address
Drop all connections coming from MAC address 00:0F:EA:91:04:08 (add the command to your firewall script):
iptables -A INPUT -m mac --mac-source 00:0F:EA:91:04:08 -j DROP
iptables: allowing with a MAC address
Allow TCP port 22 (SSH) for MAC address 00:0F:EA:91:04:07. Rule order matters: -A appends, so to allow only this MAC the ACCEPT must come before any DROP rule for the port, or be combined with a default DROP policy on INPUT:
iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source 00:0F:EA:91:04:07 -j ACCEPT
Read the iptables man page (the mac entry under match extensions) for more information.
Discussion on This Article:


Thanks!
Hello, how do I block ALL MAC addresses, so I can permit only privileged MAC addresses? Thanks in advance.
You can set up a default policy to drop all packets and allow selected incoming packets with MAC-based filtering.
Set the default INPUT policy to deny all:
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -m mac --mac-source 00:0F:EA:91:04:08 -j ACCEPT
HTH
Does anybody know if this works on SUSE 10.0? I need to filter a few MACs.
Is there a way to get the MAC address of an attacker via iptables logging? All of the log levels that I've tried give me my server's MAC address. I'd love to get the MAC of the person I'm blocking so I can block on their MAC in case they try using a proxy.
ex: -A RH-Firewall-1-INPUT -s ATTACKER_IP_HERE -j LOG --log-level 4 --log-prefix "DROP ATTACKER: "
this results in logs such as…
Mar 21 13:38:41 server_name kernel: DROP ATTACKER: IN=eth0 OUT= MAC=MY_SERVER_MAC_ADDR_HERE SRC=ATTACKER_IP_HERE DST=MY_SERVER_IP LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=50714 DF PROTO=TCP SPT=39616 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
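An added example, not part of the post above: the MAC= field written by the LOG target is the raw 14-byte Ethernet header, in this order: destination MAC (six octets), source MAC (six octets), EtherType (two octets, 08:00 for IPv4). The first six octets are therefore the receiving NIC's own address, which is why a log line appears to show the server's MAC; the sender's address is octets 7 to 12. The awk function below pulls those octets out together with SRC=, so the result can be fed into a --mac-source rule. The log line is constructed with made-up addresses. One caveat: if the SRC= address is off your local segment, octets 7 to 12 are your upstream router's MAC, and blocking on it would block every remote host.

```shell
#!/bin/sh
# Added example (not from the original post): extract the sender's hardware
# address from an iptables LOG line. MAC= holds dst(6):src(6):ethertype(2).
set -eu

# Constructed sample line; the addresses are made up, not a real capture.
SAMPLE='Mar 21 13:38:41 server kernel: DROP ATTACKER: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:1d:7e:11:22:33:08:00 SRC=203.0.113.5 DST=192.168.1.5 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=50714 DF PROTO=TCP SPT=39616 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0'

# Read one LOG line on stdin and print "SRC-IP source-MAC". Prints nothing and
# returns 1 when the line has no usable MAC= field (loopback, PPP, tunnels).
log_src_mac() {
    awk '
    {
        mac = ""; src = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^MAC=/) mac = substr($i, 5)
            if ($i ~ /^SRC=/) src = substr($i, 5)
        }
        n = split(mac, o, ":")
        if (n < 12) exit 1
        # octets 1-6 are the destination (this host), 7-12 are the sender
        printf "%s %s:%s:%s:%s:%s:%s\n", src, o[7], o[8], o[9], o[10], o[11], o[12]
        exit 0
    }'
}

printf '%s\n' "$SAMPLE" | log_src_mac
```

Feeding the output into grep over a whole log lets you check whether many different SRC= addresses share one source MAC; if they do, that MAC is your router and MAC filtering cannot single out the attacker.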
Hello, I am using iptables.
Now I need that only those MAC IDs are accepted and all others dropped; how can I do this?
Hello. I have a problem when I try to log with iptables: iptables v1.3.8: Unknown arg `LOG'
What should I do?
Please, I want to ban everyone from using my shell, which is port 22, but keep their access on other ports, and I would like only my PC to log in to the shell from my MAC address. Can anyone help, please???
to ZEE
Allow an IP or network group to connect via SSH:
/etc/hosts.allow
sshd: 192.168.0.4 (or a whole network, like this: 192.168.0.)
Deny all connections on SSH:
/etc/hosts.deny
sshd: ALL
I think it will help you.
Great!
You are good ones
Caveman
Is there a way to use this in conjunction with the source IP, so that a MAC address is only allowed through if it is using a specific IP address?
–
Thanks
Shawn
Sure, you can use the -s IP-address option. Verify source IP 192.168.1.200 along with MAC 00:0F:EA:91:04:08, and if both match, drop it:
iptables -A INPUT -p tcp -s 192.168.1.200 -m mac --mac-source 00:0F:EA:91:04:08 -j DROP
Could someone help?
I have two ARM machines with Linux kernel 2.6.
I want to make a remote access but I can't...
Once I have defined a MAC address: ifconfig eth0 hw ether 0B:62:9D:6D:1A:34
I made a ping successfully, but when I try ftp or telnet it refuses the connection...