NAT mac filter

From D3xt3r01.tk
Jump to navigationJump to search

WHY

After you'll have the nat set up and running, you'll probably want to restrict users to their ip/mac.

HOW

There are 2 types of firewalls:
1) ACCEPT everything and drop whatever you want
2) DROP everything and accept whatever you want

I'm going to use the latter because who knows what rule I might forget to DROP.

1) SET DROP as being implicit

iptables -P FORWARD DROP

2) You want to accept related and established connections

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

3) Allow NEW connections only from who you know/want

iptables -A FORWARD -m state --state NEW -s 192.168.10.2/32 -m mac --mac-source 00:C0:CA:22:95:D3 -j ACCEPT

4) THE END. Enjoy.