iptables filtering by mac
Hello comrades.
Please tell someone ignorant of the magic of iptables a specific or approximate solution to the problem.
Given: a Linux server that distributes the Internet connection coming into it and runs an internal network of a dozen machines, and that hosts a store of knowledge publicly available on the LAN.
Required: block access to the Internet (perhaps with the exception of 2-3 sites, but not necessarily) by MAC, and, of course, keep LAN access.
Surely this is 2-3 lines, but I, again, do not know anything about iptables or the principles for solving such problems.
Thank you in advance.
Why MAC?
iptables, as the name suggests, works at a higher protocol level.
If you have dynamic addressing (DHCP), then on the DHCP server you bind address leases to MAC addresses, and configure iptables with IP addresses.
You can, of course, use the MAC, something like this:
iptables -A INPUT -m mac --mac-source 00:0C:AA:99:44:28 -j DROP
You'll just wear yourself out.
If I were you, I would bind the IP to the MAC in DHCP, as suggested above, set up transparent proxying to squid, and then handle permissions through ACLs.
To make it difficult for users to assign themselves an IP manually and bypass the restrictions, bind IPs to MACs in the ARP table on the gateway and deny the unassigned IPs access in iptables.
Keep in mind that with a transparent proxy from squid you will not be able to share the bandwidth between users on the proxy. Sometimes it's very convenient.
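Added example, not part of the original thread: a shell helper that prints (without applying) per-MAC rules for the FORWARD chain, which is the chain routed LAN-to-Internet traffic traverses, so traffic addressed to the server itself stays untouched. The interface names eth0/eth1, the helper names valid_mac and gen_rules, and the allowed-site IPs are assumptions made for illustration.

```shell
#!/bin/sh
# Prints iptables rules that stop listed MACs from being forwarded to the
# Internet; nothing is applied, so the output can be reviewed first.
# Assumed names: eth0 = uplink, eth1 = LAN. Override via environment.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"

# Succeeds only for six colon-separated pairs of ASCII hex digits.
# LC_ALL=C makes look-alike letters (e.g. Cyrillic "С") fail the check.
valid_mac() {
    printf '%s\n' "$1" | LC_ALL=C grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_rules "<space-separated MACs>" "<space-separated allowed dest IPs>"
# Validates every MAC before emitting anything, so a typo never yields a
# half-written rule set.
gen_rules() {
    macs=$1
    allow=$2
    for mac in $macs; do
        if ! valid_mac "$mac"; then
            echo "invalid MAC: $mac" >&2
            return 1
        fi
    done
    for mac in $macs; do
        # Exceptions first: rules are evaluated in order, first match wins.
        for ip in $allow; do
            echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -m mac --mac-source $mac -d $ip -j ACCEPT"
        done
        # Everything else from this MAC towards the uplink is dropped.
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -m mac --mac-source $mac -j DROP"
    done
}

# Usage (constructed values; 192.0.2.0/24 is a documentation range):
#   gen_rules "00:0C:AA:99:44:28" "192.0.2.10 192.0.2.20" | sh
```

The mac match only sees the source MAC of hosts on the directly attached segment, and a user can change their MAC, which is why the answers above pair it with DHCP and ARP bindings.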