hi
when i am executing this in iptables i am getting this error.
i am using Redhat Enterprises linux 4
/sbin/iptables -A MAC -i eth1 -s 20.20.1.145 -p all -m mac --mac-source 00:0D:87:E9:84:5A - j ACCEPT
/sbin/iptables -A MAC -m state --state ESTABLISHED,RELATED -j ACCEPT
#-- Jump INPUT & FORWARD Polices to MAC
/sbin/iptables -A INPUT -p all -j MAC
/sbin/iptables -A FORWARD -p all -j MAC
/sbin/iptables -A MAC -i eth1 -p all -j DROP
Couldn't load target `MAC':/lib/iptables/libipt_MAC.so: cannot open shared object file: No such file or directory
MAC binding
Re: MAC binding
Dear venky145,venky145 wrote:hi
when i am executing this in iptables i am getting this error.
i am using Redhat Enterprises linux 4
/sbin/iptables -A MAC -i eth1 -s 20.20.1.145 -p all -m mac --mac-source 00:0D:87:E9:84:5A - j ACCEPT
/sbin/iptables -A MAC -m state --state ESTABLISHED,RELATED -j ACCEPT
#-- Jump INPUT & FORWARD Polices to MAC
/sbin/iptables -A INPUT -p all -j MAC
/sbin/iptables -A FORWARD -p all -j MAC
/sbin/iptables -A MAC -i eth1 -p all -j DROP
Couldn't load target `MAC':/lib/iptables/libipt_MAC.so: cannot open shared object file: No such file or directory
Use this command to check whether your iptables version support mac or not ?
[root@ns1 ~]# iptables -m mac -h
that will show you the output at the end
MAC v1.2.11 options:
--mac-source [!] XX:XX:XX:XX:XX:XX
Match source MAC address
iptables -I FORWARD -p all -m mac --mac-source 00:0D:87:E9:84:5A -j DROP
I am sure above command will resolve your problem.
Regards
Noman Liaquat Khanzada Rajput
Linux means productivity and fun.
We all love Linux, but it's also a fact that some people might not be able to migrate.
-
thecooldude
- Lance Naik
- Posts: 43
- Joined: Sun Nov 26, 2006 6:04 pm
- Location: Dubai, UAE.
- Contact:
Dear, Nauman Khan.
iptables -I FORWARD -p all -m mac --mac-source 00:0D:87:E9:84:5A -j DROP
The above given chain is wrong.
I'll suggess you to go for the right one mentioned below: - The requests are by passing through your BOX, FORWARD would be used yes, if you have seperate Firewall box but needs to be define with IP.
iptables -A INPUT -p all -m mac --mac-source 00:0D:87:E9:84:5A -j DROP
The above given chain is wrong.
I'll suggess you to go for the right one mentioned below: - The requests are by passing through your BOX, FORWARD would be used yes, if you have seperate Firewall box but needs to be define with IP.
iptables -A INPUT -p all -m mac --mac-source 00:0D:87:E9:84:5A -j DROP
-
thecooldude
- Lance Naik
- Posts: 43
- Joined: Sun Nov 26, 2006 6:04 pm
- Location: Dubai, UAE.
- Contact:
Re-Reply.
I've tested both, Even here is one more Example:
iptables -A INPUT -m mac --mac-source 00:0A:E6:29:E9:C1 -j DROP
Thanks
..
Regards,
Khurram Nawaz
0300-4141791.
iptables -A INPUT -m mac --mac-source 00:0A:E6:29:E9:C1 -j DROP
Thanks
..
Regards,
Khurram Nawaz
0300-4141791.
-
LinuxFreaK
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Re:
Dear thecooldude,
Salam,
You guys can take a look into following script.
FYI, http://www.linuxpakistan.net/forum2x/vi ... php?t=2182
Best Regards.
Salam,
You guys can take a look into following script.
FYI, http://www.linuxpakistan.net/forum2x/vi ... php?t=2182
Best Regards.
Farrukh Ahmed