NAT mac filter

From D3xt3r01.tk

WHY

Once you have NAT set up and running, you will probably want to restrict forwarding to known users, each identified by their IP address and MAC address pair.

HOW

There are two ways to write a firewall policy:
1) ACCEPT everything by default and DROP what you do not want
2) DROP everything by default and ACCEPT only what you want

I'm going to use the latter: a default-deny policy fails closed, so anything I forget to write a rule for is blocked instead of let through.

1) Set DROP as the default (implicit) policy of the FORWARD chain, the chain every forwarded (NAT'd) packet passes through:

iptables -P FORWARD DROP

2) Accept packets that belong to already established connections, and related ones (replies to traffic you already allowed, plus helper-tracked flows such as FTP data):

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

3) Allow NEW connections only from the hosts you know and want, matching both the source IP and the source MAC. The MAC match only sees frames that arrive directly on one of this box's interfaces, so it works in FORWARD for hosts on your own LAN segment but not for hosts behind another router. Keep in mind that a user can change both the IP and the MAC of their machine in seconds, so this stops mistakes and casual sharing, not a determined attacker:

iptables -A FORWARD -m state --state NEW -s 192.168.10.2/32 -m mac --mac-source 00:C0:CA:22:95:D3 -j ACCEPT

4) THE END. Enjoy.
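The four steps above, as an added example that is not part of the original page: a POSIX shell script that builds the whole default-deny FORWARD chain from an allowlist of "ip mac" pairs. It validates every pair before emitting a single rule, because with a DROP policy a typo in one line would otherwise lock everyone out after a reload, and it pins the MAC rules to the LAN interface. The interface name, the allowlist contents and the second host are assumptions made for the example; the first pair is the one from the page. It uses -m conntrack --ctstate, the current equivalent of the page's -m state --state.

```shell
#!/bin/sh
# Added example (not from the original page): generate the FORWARD-chain
# policy above from an allowlist of "ip mac" pairs, validating each pair
# first so a typo cannot lock everyone out. LAN_IF, the allowlist contents
# and the second host are assumptions made for the example.

LAN_IF="${LAN_IF:-eth1}"   # assumption: the interface your LAN users sit behind

# Constructed sample allowlist: one "ip mac" pair per line, '#' for comments.
ALLOWLIST='# ip            mac
192.168.10.2   00:C0:CA:22:95:D3
192.168.10.3   00:11:22:33:44:55'

# valid_ipv4 ADDR: succeed only for a dotted quad with four octets in 0..255.
valid_ipv4() {
  ip=$1 n=0
  case "$ip" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  while :; do
    o=${ip%%.*}
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    n=$((n + 1))
    [ "$o" = "$ip" ] && break   # last octet consumed
    ip=${ip#*.}
  done
  [ "$n" -eq 4 ]
}

# valid_mac ADDR: succeed only for six colon-separated hex octets (xx:xx:xx:xx:xx:xx).
valid_mac() {
  h='[0-9A-Fa-f][0-9A-Fa-f]'
  case "$1" in
    $h:$h:$h:$h:$h:$h) return 0 ;;
  esac
  return 1
}

# gen_forward_rules ALLOWLIST: print the iptables commands for a default-deny
# FORWARD chain. Prints nothing and returns 1 if any entry is malformed.
gen_forward_rules() {
  allow=$1
  # Pass 1: validate every entry before emitting anything.
  while read -r ip mac rest; do
    case "$ip" in ''|'#'*) continue ;; esac
    valid_ipv4 "$ip" || { echo "bad ip: $ip" >&2; return 1; }
    valid_mac "$mac" || { echo "bad mac for $ip: $mac" >&2; return 1; }
  done <<EOF
$allow
EOF
  # Pass 2: emit the rules. Flush first so re-running does not stack duplicates;
  # the policy is set before the flush so the chain never sits open in between.
  printf '%s\n' 'iptables -P FORWARD DROP' 'iptables -F FORWARD'
  printf '%s\n' 'iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  while read -r ip mac rest; do
    case "$ip" in ''|'#'*) continue ;; esac
    # MAC matching only sees frames arriving directly on this box, hence -i LAN_IF.
    printf '%s\n' "iptables -A FORWARD -i $LAN_IF -m conntrack --ctstate NEW -s $ip/32 -m mac --mac-source $mac -j ACCEPT"
  done <<EOF
$allow
EOF
}

# Review the generated commands, then apply them as root with:
#   gen_forward_rules "$ALLOWLIST" | sh
gen_forward_rules "$ALLOWLIST"
```

The script only prints the commands; pipe its output into sh as root once you have read it, and run iptables-save afterwards if you want the rules to survive a reboot. The NAT rule itself (the MASQUERADE or SNAT entry in the nat table's POSTROUTING chain) is assumed to be in place already, as the WHY section says.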