please help me i have different prb facing i m running LAN network with LInux i m facing the prb of mac spoofing but some of users whom i blocked by my server they user mac address changer different softwares and by this software they detect any Online Active user mac address and just change the IP Address and use internet and when i try to block that mac address by iptables but i cant block that mac address because its mine online active users mac and who users blocked the connection of my LAN they do these things and use mac address changing software and get solid and valid legal mac address by network scanning. …. what i do i m much confused

#!/usr/bin/perl

use DBI;

$sql_user			= "dhcpd";
$sql_password			= "*******";
$sql_database			= "dhcpd";
$sql_hostname			= "localhost";
$sql_port			= "3306";

$dsn		= "DBI:mysql:database=$sql_database;host=$sql_hostname;port=$sql_port";
print "-----------------------------------------------\n";
print "      Building iptables config from mysql      \n";
print "-----------------------------------------------\n";
print "Getting information from  mysql database...";
$dbh = DBI->connect($dsn, $sql_user, $sql_password);
$getmac = $dbh->prepare("select mac from trusted order by ip");
$getip = $dbh->prepare("select ip from trusted order by ip");
$getmac->execute;
$getip->execute;

print "Done\n";
print "Creating temp file...";
#print `rm iptables.conf.temp`;
open (CONFIGFILE, '>>iptables.conf.temp');
print "Done\n";
print "Start writing configfile...\n-----------------------------------------------\n";

$count 		= 0;

while ( @getmac = $getmac->fetchrow_array, @getip = $getip->fetchrow_array ) {
    @mac[$count] = @getmac;
    @ip[$count] = @getip;
    $count++;
}

$dbh->disconnect;
$count = 0;

foreach (@mac) {
	print CONFIGFILE "iptables -A INPUT -p tcp -s @ip[$count] -m mac --mac-source @mac[$count] -j ACCEPT
" . 			 "";
	$count++;

	print "iptables -A INPUT -p tcp -s @ip[$count] -m mac --mac-source @mac[$count] -j ACCEPT" . "\n";
}

close (CONFIGFILE);
print "-----------------------------------------------\nDone.\n";
print `mv iptables.conf.temp iptables.conf`;
sleep(1);
#print `echo "do somthing here :)"`

I also made one for dhcpd so unknown mac’s logging on my wireless will be in a diffrent subnet.

I wanna config a router with iptables for my WLAN. my problem, there is a database (mysql) there are all mac adresses, whitch have access…

is there a way to marry iptables with mysql??

best & THX coop

–
Thanks
Shawn

You are good ones
Caveman

Allow an ip or network group to conect via SSH
/etc/host.allow

SSHD:192.168.0.4 or something like this 192.168.0.

Deny all conection on SSH
/etc/host.deny

SSHD:ALL

I think it will help you

now i need that only those mac id can accept all other droped who can i do this

ex: -A RH-Firewall-1-INPUT -s ATTACKER_IP_HERE -j LOG –log-level 4 –log-prefix “DROP ATTACKER: ”

this results in logs such as…
Mar 21 13:38:41 server_name kernel: DROP ATTACKER: IN=eth0 OUT= MAC=MY_SERVER_MAC_ADDR_HERE SRC=ATTACKER_IP_HERE DST=MY_SERVER_IP LEN=48 TOS=0×00 PREC=0×00 TTL=114 ID=50714 DF PROTO=TCP SPT=39616 DPT=80 WINDOW=65535 RES=0×00 SYN URGP=0

# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -m mac –mac-source
00:0F:EA:91:04:08 -j ACCEPT

HTH