IPTables drop rules on forward but not for certain MAC's question - Networking



  1. IPTables drop rules on forward but not for certain MAC's question

    Hi all,

    I have been asked to implement the following rules on our firewall:

    iptables -A FORWARD -p tcp --dport 1863 -j DROP
    iptables -A FORWARD -d 207.46.110.0/25 -j DROP
    iptables -A FORWARD -d 207.46.104.20 -j DROP

    however we don't want to block two MAC addresses from having this rule
    applied, what is the simplest way this could be achieved?

    Thanks in advance

    David


  2. Re: IPTables drop rules on forward but not for certain MAC's question

    On Fri, 08 Jun 2007 04:28:20 -0700, David wrote:

    >Hi all,
    >
    >I have been asked to implement the following rules on our firewall:
    >
    >iptables -A FORWARD -p tcp --dport 1863 -j DROP
    >iptables -A FORWARD -d 207.46.110.0/25 -j DROP
    >iptables -A FORWARD -d 207.46.104.20 -j DROP


    Stop Vista calling home?
    >
    >however we don't want to block two MAC addresses from having this rule
    >applied, what is the simplest way this could be achieved?


    man iptables:
    mac
    --mac-source [!] address
    Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX.
    Note that this only makes sense for packets coming from an Ethernet
    device and entering the PREROUTING, FORWARD or INPUT chains.

    Grant.
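
One way to combine the three DROP rules from the question with the mac match quoted in the reply, as an added example that is not part of the original thread. It only prints the iptables commands for review; the chain name MSN_BLOCK and the two MAC addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: prints iptables commands instead of running them, so the
# ruleset can be reviewed before it is applied as root.

CHAIN=MSN_BLOCK   # hypothetical user-defined chain name

# Succeed only for the XX:XX:XX:XX:XX:XX form that --mac-source expects.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_rules MAC [MAC...] : print the ruleset with the exempt MACs first.
gen_rules() {
    # Validate everything up front so a typo never yields a partial ruleset.
    for mac in "$@"; do
        valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    # Exempt hosts RETURN to FORWARD before any DROP rule is evaluated.
    for mac in "$@"; do
        echo "iptables -A $CHAIN -m mac --mac-source $mac -j RETURN"
    done
    # The three rules from the question, moved into the dedicated chain.
    echo "iptables -A $CHAIN -p tcp --dport 1863 -j DROP"
    echo "iptables -A $CHAIN -d 207.46.110.0/25 -j DROP"
    echo "iptables -A $CHAIN -d 207.46.104.20 -j DROP"
    # All forwarded traffic is sent through the chain.
    echo "iptables -A FORWARD -j $CHAIN"
}

# Constructed sample MAC addresses; replace with the two exempt hosts.
gen_rules 00:11:22:33:44:55 66:77:88:99:AA:BB
```

The source MAC is only visible for hosts on an Ethernet segment directly attached to the firewall, and a host can change its own MAC, so this works as an exemption list rather than as authentication.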
