How to filter by MAC address mask in centos?

K

Konstantin2014-04-22 15:46:13

DHCP

Konstantin, 2014-04-22 15:46:13

How to configure packet drop in iptables to MASK MAC addresses? centos 6.5_x86
Like

iptables -A INPUT -m mac --mac-source 00:0С: **-**-**-** -j DROP

It is necessary to get rid of any androids in the warehouse network, etc. etc.
The idea is to transfer dhcp from windows to centos and make a ban on ALL left mobile devices on the vendor ID. Bringing in each PC and the desired mobile terminal is a terrible task.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

Alexey Cheremisin, 2014-04-22
@leahch

On dhcp (Linux) configure classes and register members - it will give IP only to the correct devices. I suspect that microsoft dhcp also has classes.
I have something like this in dhcpd.conf. And no ip/ebtables needed!

.....
class "MySecretClass1"
{
  match if (substring( option vendor-class-identifier, 0, 6)="Huawei");
}
......
subnet 192.168.0.0 netmask 255.255.255.0 {
....
  pool {
      range 192.168.0.14 192.168.0.254;
       allow members of "MySecretClass1";
       allow members of "MySecretClass2";
       allow members of "MySecretClass3";
        }
.....
}

A

Alexey Cheremisin, 2014-04-22
@leahch

If we want to work exactly on MAC, then ebtables is better. Brief description
with examples here xgu.ru/wiki/ebtables IP for registered devices only.

K

Konstantin, 2014-04-22
@fallen8rwtf

@leahch
thanks! now I’ll look at edtables
filtering is needed for a wi-fi network
on switches to do it is not yet possible, since there is a mess =) we
installed a wi-fi network in a warehouse of 5000 m ^ 2 on a motorola rfs6000, but there is one remote point of the warehouse a standard vigor point, to which l2-acl with motorola is not applied and the Tajiks manage to spoil the dhcp leases with their phones.
*windows-dhcp is ugly