Block device(name) with iptables?

I use iptables to block IoT devices like TV or a Harmony hub, I do this by mac address.

I use this rule for this purpose:
iptables -A forwarding_rule -m mac --mac-source XX:XX:XX:XX:XX:XX --jump REJECT

There are some devices that spoof their MAC address every time they make a connection, like an iPhone for example. But I do know the names of these devices.

Is there an iptables rule that I can use to block a device by its device name?

Like 'iphone from david'

No.
You must identify the device somehow.
If you can't, consider moving the IoT devices to a separate interface with blocked access to the WAN and selective permissions only.

2 Likes

@trendy thanks for your reply, makes things clear for me.

1 Like

If you just have one device of the same generation you could identify your device by hostname. E.g. Android devices have the same one for each "generation": Galaxy-S8, Galaxy-S9, etc. The hostname could also be changed on the device itself.
So you could (I don't know if possible; don't have a device to test now) assign a static IP for a certain hostname via dnsmasq (according to this: https://openwrt.org/docs/guide-user/base-system/dhcp the MAC is not a required attribute). The device should always get the same IP. Now you could block the device by IP within iptables. (In my, of course, limited theory :smiley:)
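The two-step approach described in the answer above (a hostname-keyed static lease in dnsmasq, then an iptables rule on the fixed address), written out as an added example that is not from the thread or from the OpenWrt project. The hostname `Galaxy-S8` and the address `192.168.1.50` are constructed sample values; the `forwarding_rule` chain is the one used in the question's MAC rule. The script only prints the configuration lines so they can be reviewed before being run on the router.

```shell
#!/bin/sh
# Added example: dry-run generator for a dnsmasq static lease keyed on the
# client-supplied hostname (no MAC) plus the matching iptables REJECT rule.
# Sample hostname/IP below are constructed, not taken from a real network.

# A DHCP client hostname: letters, digits and hyphens, 1-63 characters.
valid_hostname() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'
}

# A dotted-quad IPv4 address with each octet in 0-255.
valid_ipv4() {
    printf '%s' "$1" | grep -Eq '^((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])$'
}

# dnsmasq syntax: a dhcp-host entry that matches on the hostname the client
# sends instead of on a MAC address, so the lease survives MAC randomisation.
dnsmasq_host_line() {
    valid_hostname "$1" && valid_ipv4 "$2" || return 1
    printf 'dhcp-host=%s,%s\n' "$1" "$2"
}

# The same lease expressed as OpenWrt UCI commands: a 'host' section in
# /etc/config/dhcp with a name and an ip but no mac option.
uci_host_commands() {
    valid_hostname "$1" && valid_ipv4 "$2" || return 1
    printf 'uci add dhcp host\n'
    printf "uci set dhcp.@host[-1].name='%s'\n" "$1"
    printf "uci set dhcp.@host[-1].ip='%s'\n" "$2"
    printf 'uci commit dhcp\n'
}

# Firewall rule in the same chain as the thread's MAC rule, now matching the
# fixed source address. Only sensible once the lease above is in place.
iptables_block_rule() {
    valid_ipv4 "$1" || return 1
    printf 'iptables -A forwarding_rule -s %s -j REJECT\n' "$1"
}

# Print everything for review; pipe into a shell on the router to apply.
main() {
    host=${1:-Galaxy-S8}      # constructed sample hostname
    ip=${2:-192.168.1.50}     # constructed sample address inside the LAN
    echo "# dnsmasq.conf form:"
    dnsmasq_host_line "$host" "$ip" || { echo "invalid hostname or IP" >&2; return 1; }
    echo "# OpenWrt UCI form:"
    uci_host_commands "$host" "$ip"
    echo "# firewall rule:"
    iptables_block_rule "$ip"
}

main
```

Two caveats follow from how this works. The hostname is chosen by the client, so the binding is only as reliable as the device's own configuration: a device that changes its hostname, or that configures its own address instead of using DHCP, is no longer matched by the rule. That is why the earlier answer's separate interface with no WAN access is the more robust option; the hostname lease is a convenience for a cooperating device, not an access control against a hostile one.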
