NAT mac filter

From D3xt3r01.tk
Revision as of 22:32, 4 October 2009 by Admin

WHY

After you have NAT set up and running, you'll probably want to restrict users to their IP/MAC pair.

HOW

There are two ways to build a firewall policy:
1) ACCEPT everything and DROP whatever you want
2) DROP everything and ACCEPT whatever you want

I'm going to use the latter because who knows what rule I might forget to DROP.

1) Set DROP as the default (implicit) policy for forwarded traffic

iptables -P FORWARD DROP

2) Accept packets belonging to RELATED and ESTABLISHED connections

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

3) Allow NEW connections only from the hosts you know/want (matching both the source IP and the source MAC)

iptables -A FORWARD -m state --state NEW -s 192.168.10.2/32 -m mac --mac-source 00:C0:CA:22:95:D3 -j ACCEPT

4) THE END. Enjoy.