IPTables drop rules on forward but not for certain MAC's question

06-08-2007, 11:28 AM

Hi all,

I have been asked to implement the following rules on our firewall:

iptables -A FORWARD -p tcp --dport 1863 -j DROP
iptables -A FORWARD -d 207.46.110.0/25 -j DROP
iptables -A FORWARD -d 207.46.104.20 -j DROP

however we dont want to block two MAC addresses from having this rule
applied, what is the simplest way this could be achieved?

Thanks in advance

David

06-08-2007, 02:10 PM

On Fri, 08 Jun 2007 04:28:20 -0700, David <(E-Mail Removed)> wrote:

>Hi all,
>
>I have been asked to implement the following rules on our firewall:
>
>iptables -A FORWARD -p tcp --dport 1863 -j DROP
>iptables -A FORWARD -d 207.46.110.0/25 -j DROP
>iptables -A FORWARD -d 207.46.104.20 -j DROP

Stop Vista calling home?
>
>however we dont want to block two MAC addresses from having this rule
>applied, what is the simplest way this could be achieved?

man iptables:
mac
--mac-source [!] address
Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX.
Note that this only makes sense for packets coming from an Ethernet
device and entering the PREROUTING, FORWARD or INPUT chains.

Grant.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
How to register DROP rules in the kernel mode.	shetravel@gmail.com	Linux Networking	0	11-16-2007 04:41 AM
iptables port forward question	Ken Williams	Linux Networking	2	07-21-2006 08:55 PM
IPTABLES question, multiple rules	=?ISO-8859-1?Q?Hern=E1n_Freschi?=	Linux Networking	3	04-22-2005 02:21 AM
Looking for iptables applications code (iptables.c) to run some rules to forward packets	tvnaidu@yahoo.com	Linux Networking	2	01-17-2005 05:01 PM
iptables - url forward	soraya soch	Linux Networking	0	11-02-2003 09:40 AM