Thursday, July 9, 2009

Firewall with iptables using MAC address filtering

There are times when you might need to filter the traffic on your firewall by MAC address instead of IP address; iptables has a match module for this (-m mac).

From the man page of iptables:

Note that this only makes sense for packets coming from an Ethernet device and entering the PREROUTING, FORWARD or INPUT chains.

You may want to insert this line in your firewall script.

iptables -A INPUT -m mac --mac-source 00:11:2f:8f:f8:f8 -j DROP

This way, packets whose Ethernet source address is 00:11:2f:8f:f8:f8 will be dropped before they reach any service on the firewall. Two caveats: the source MAC is that of the last hop on the firewall's own Ethernet segment (a host behind a router arrives with the router's MAC, so this only identifies machines directly on that segment), and a MAC address is trivially changed by its owner, so treat this as a convenience control rather than a security boundary.

That blocks packets addressed to the firewall itself, but the machine may still be able to send packets through the firewall to other hosts, since routed traffic goes through the FORWARD chain, not INPUT. To block that as well, add this line too.

iptables -A FORWARD -m mac --mac-source 00:11:2f:8f:f8:f8 -j DROP
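The two rules above are the whole technique, but in a real firewall script a couple of details matter: rule order (a DROP appended with -A after a rule such as an ACCEPT for all LAN traffic never matches, so inserting at the top of the chain with -I CHAIN 1 is safer) and input validation (a malformed MAC makes iptables fail and, in a script that does not check exit codes, silently leaves the host unblocked). The following is an added example written for this page, not code from the original post. It assumes iptables is on PATH and the script runs as root; setting IPT_DRY_RUN=1 prints the commands instead of executing them, which is also how you can review the generated rules before applying them.

```sh
#!/bin/sh
# Block one or more MAC addresses both on the firewall itself (INPUT)
# and for traffic crossing it (FORWARD).
# Added example; not from the original post.
# Assumptions: iptables is available and we run as root, unless
# IPT_DRY_RUN=1, in which case each command is printed instead of run.

IPT=${IPT:-iptables}

# A MAC address is six hex octets separated by colons.
valid_mac() {
    printf '%s' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Print the iptables command for one chain. "-I CHAIN 1" puts the DROP
# at the top of the chain so an earlier ACCEPT cannot shadow it; the
# post's "-A" appends and only works if nothing before it accepts.
mac_drop_rule() {
    chain=$1
    mac=$2
    printf '%s -I %s 1 -m mac --mac-source %s -j DROP\n' "$IPT" "$chain" "$mac"
}

# Execute a generated command, or just print it in dry-run mode.
run_rule() {
    if [ "${IPT_DRY_RUN:-0}" = 1 ]; then
        echo "$1"
    else
        sh -c "$1"
    fi
}

# Block a single MAC in both chains; refuses malformed input so a typo
# does not produce a failed rule and an unblocked host.
block_mac() {
    mac=$1
    if ! valid_mac "$mac"; then
        echo "block_mac: invalid MAC address: $mac" >&2
        return 1
    fi
    run_rule "$(mac_drop_rule INPUT "$mac")" \
        && run_rule "$(mac_drop_rule FORWARD "$mac")"
}

# Block every MAC given as an argument; stops at the first bad one.
block_macs() {
    for m in "$@"; do
        block_mac "$m" || return 1
    done
}

# Usage when run directly, e.g. from the firewall script:
#   IPT_DRY_RUN=1 sh block_mac.sh 00:11:2f:8f:f8:f8
if [ "$#" -gt 0 ]; then
    block_macs "$@"
fi
```

Run it with IPT_DRY_RUN=1 first to see the exact rules it would insert, then without it to apply them. Because the rules are inserted at position 1, the DROP takes effect regardless of what the rest of the script appends afterwards, so this can be called before or after the rest of the rule set.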
