OpenWrt Forum Archive

Topic: iptables by mac address

The content of this topic has been archived on 26 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello, I wanted to accept ports by MAC address, so here is the command:

iptables -I INPUT 1 -p tcp -m tcp --dport 1723 -j DROP
iptables -I INPUT 1 -p tcp -m tcp --dport 1723 -m mac --mac-source 00:11:22:33:44:55 -j ACCEPT

Now, I have several machines using the same NIC that have the same range of MAC addresses.
So would this command work? Or could someone correct me?

iptables -I INPUT 1 -p tcp -m tcp --dport 1723 -m mac --mac-source 00:11:22:*:*:* -j ACCEPT

Thanks.
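An added example (not from the original thread) showing one way to handle a list of machines: the iptables mac match accepts only a complete six-octet address, so a wildcard like 00:11:22:*:*:* cannot be expressed in a single rule, and the practical approach is one ACCEPT rule per known MAC, followed by the DROP. The function below validates each address, prints the resulting rules for review instead of applying them, and preserves the ACCEPT-before-DROP ordering that the question's two -I INPUT 1 commands rely on. The port and MAC values are constructed sample values.

```shell
#!/bin/sh
# Added example, not code from the OpenWrt thread. It emits one ACCEPT rule
# per full MAC address (iptables' -m mac has no wildcard or mask support),
# then the catch-all DROP. Port and addresses below are constructed samples.

PORT=1723

# Returns 0 if $1 is a complete, well-formed MAC: six hex octets, colon separated.
# Anything shorter, or containing wildcards, is rejected.
is_full_mac() {
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Print the iptables commands that allow TCP/$PORT from each listed MAC,
# followed by the default DROP. With -A the ACCEPT rules must come before
# the DROP, so the DROP is printed last. Rules are printed rather than run,
# so they can be reviewed before being applied on the router.
gen_rules() {
    for mac in "$@"; do
        if is_full_mac "$mac"; then
            printf 'iptables -A INPUT -p tcp --dport %s -m mac --mac-source %s -j ACCEPT\n' "$PORT" "$mac"
        else
            printf '# skipped %s: not a full MAC address (no wildcards in -m mac)\n' "$mac" >&2
        fi
    done
    printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$PORT"
}

# Example usage with constructed addresses; the wildcard entry is skipped.
gen_rules 00:11:22:33:44:55 00:11:22:33:44:56 '00:11:22:*:*:*'
```

Review the printed rules, then pipe them through sh on the router. Because MAC addresses can be set by the client, this only identifies a host on the local segment; it is not an authentication mechanism, which is the point the next reply makes.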

Even if this is possible, IMHO it is ill advised. MAC addresses are too easily faked to be used for even the most rudimentary security.

While MAC addresses can be changed, so can IP addresses.

You may want to look into ebtables. I did some work with bridging IPv6, and instituting a bridging firewall.

https://github.com/cvmiller/v6brouter
