Hi
I've the following problem. I want to allow the network traffic of a machine only it the machine has a specific ip AND this ip has a specific mac.
For example allow only machine with ip 10.0.0.137 which has mac 08:2E:5F:81:0B:AB.
So I have the following statements for iptables with an additional queue created but it does not work. The host has no access to the world.
BTW: The machine which this script is running on is an ap and has ip 10.0.0.1 on the internal net and 10.24.88.240 on wifi net.
From the ap to world ok from the connected machine on lan it does not work :-(
Any hints?
Code:
${IPT} -F FORWARD
${IPT} -P FORWARD DROP
${IPT} -F MACTABLE
${IPT} -N MACTABLE
${IPT} -P MACTABLE DROP
${IPT} -A FORWARD -s 10.0.0.137 -j MACTABLE
${IPT} -A FORWARD -d 10.0.0.137 -j MACTABLE
${IPT} -A MACTABLE -m mac --mac-source 08:2E:5F:81:0B:AB -j ACCEPT
iptables -A MACTABLE -j DROP
which gives me the following tables...
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
MACTABLE all -- 10.0.0.137 0.0.0.0/0
MACTABLE all -- 0.0.0.0/0 10.0.0.137
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain MACTABLE (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 MAC 08:2E:5F:81:0B:AB
DROP all -- 0.0.0.0/0 0.0.0.0/0
How do I allow only a specific ip with a specific mac on lan with iptables?
