I have got the following script from this forum, but I'm confused by the term "wlan0". What does it mean? Does it correspond to the eth0 of my network, on which my server will accept requests from the clients? Please respond, thanks in advance.
# create the maccheck chain first, so the jump below has something to jump to
iptables -t mangle -N maccheck
# if a request comes in from wlan0, check its MAC by jumping to the maccheck chain
iptables -t mangle -I PREROUTING -i wlan0 -p tcp -j maccheck
# shorthand for adding an allowed MAC to the maccheck chain
allowed_mac="iptables -t mangle -A maccheck -m mac -j RETURN --mac-source "
# if any of these match the current MAC, we return from this chain without
# doing anything
$allowed_mac 00:11:22:33:44:55
$allowed_mac 11:22:33:44:55:66
# otherwise, give any disallowed MAC address the mark 1 and log it
iptables -t mangle -A maccheck -j MARK --set-mark 1
iptables -t mangle -A maccheck -j LOG --log-prefix "set mark 1: "
iptables -t mangle -A maccheck -j RETURN
# do something with marked requests -- like force them to the local webserver's
# port 81 no matter what their intended destination
iptables -t nat -A PREROUTING -m mark --mark 1 -p tcp --destination-port 80 -j DNAT --to-destination 192.168.0.1:81
But I want some of the clients on my network to access the internet: I want to put only a few clients' MAC addresses in the script to allow them to use the internet, and for the others, whose MAC address is not specified in the script, their packets will be dropped. Then what should I edit in my script so that it works for my local network instead of the wireless LAN? Thanks.
shahzad wrote: Can you please give me the syntax for allowing MAC addresses in /etc/rc.local, without writing the one lengthy MAC script...
The following code will block users whose MAC addresses are 00:20:18:8a:31:41 and 00:C0:DF:0A:5D:89; if you want to allow them, just comment out the iptables command.
# Blocked Users
iptables -I INPUT -p all -m mac --mac-source 00:20:18:8a:31:41 -j DROP
#
iptables -I INPUT -p all -m mac --mac-source 00:C0:DF:0A:5D:89 -j DROP
But actually you have given the syntax for blocking users with MAC addresses that I specify. What I want is to put only the allow list of my clients' MAC addresses, so that other users with MAC addresses not in my list are blocked. Is there any syntax through which I can block all the clients on my network, and then, when I specify only the allowed MAC address list in /etc/rc.local, it will allow only those clients on my network whose MAC address is specified in the /etc/rc.local file? Thanks.
# create the MAC_RULE chain once, before anything jumps to it
iptables -N MAC_RULE
# allowed clients are accepted; anything that falls through is dropped
iptables -A MAC_RULE -m mac --mac-source 00:07:40:4C:EE:00 -j ACCEPT
iptables -A MAC_RULE -j DROP
# old mac blocking rules
# /sbin/iptables -A INPUT -j DROP -m mac --mac-source 08:00:46:67:B1:5E
# /sbin/iptables -A INPUT -j DROP -m mac --mac-source 00:08:0D:EF:13:12
# /sbin/iptables -A INPUT -j DROP -m mac --mac-source 00:07:40:1C:1E:A2
# run TCP addressed to this host and TCP routed through it past the chain
# (only TCP is checked here; UDP and ICMP from unlisted hosts are not)
iptables -A INPUT -p tcp -j MAC_RULE
iptables -A FORWARD -p tcp -j MAC_RULE
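The allowlist approach from the last two posts, rewritten for a wired LAN interface so it can be called from /etc/rc.local; this is an added example, not code from any poster. LAN_IF, ALLOWED_MACS, the MAC_ALLOW chain name and the --apply flag are my own choices, and the sample MACs are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): iptables MAC allowlist for a wired LAN.
# Assumed names: LAN_IF, ALLOWED_MACS, chain MAC_ALLOW, flag --apply.
# -m mac only sees the source MAC of the last hop, so this works for hosts on
# the same segment as this box; a MAC is easy to change, so it is convenience
# access control, not authentication.

IPTABLES="${IPTABLES:-/sbin/iptables}"   # IPTABLES=echo gives a dry run
LAN_IF="${LAN_IF:-eth0}"                 # interface the clients are on
CHAIN="MAC_ALLOW"
# constructed sample allowlist, one MAC per word
ALLOWED_MACS="00:11:22:33:44:55 11:22:33:44:55:66"

# valid_mac MAC -> succeeds if MAC looks like aa:bb:cc:dd:ee:ff (either case)
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# apply_mac_allowlist IFACE MAC... : rebuild the chain so the script can be
# re-run from rc.local without duplicating rules, allow listed MACs, drop rest
apply_mac_allowlist() {
    iface="$1"; shift
    $IPTABLES -D INPUT   -i "$iface" -j "$CHAIN" 2>/dev/null
    $IPTABLES -D FORWARD -i "$iface" -j "$CHAIN" 2>/dev/null
    $IPTABLES -F "$CHAIN" 2>/dev/null
    $IPTABLES -N "$CHAIN" 2>/dev/null
    for mac in "$@"; do
        if ! valid_mac "$mac"; then
            echo "skipping malformed MAC: $mac" >&2
            continue
        fi
        $IPTABLES -A "$CHAIN" -m mac --mac-source "$mac" -j RETURN
    done
    # no -p tcp here: an unlisted host's UDP (DNS) and ICMP are dropped too
    $IPTABLES -A "$CHAIN" -m limit --limit 5/min -j LOG --log-prefix "MAC not allowed: "
    $IPTABLES -A "$CHAIN" -j DROP
    # check traffic addressed to this box and traffic routed through it
    $IPTABLES -I INPUT   -i "$iface" -j "$CHAIN"
    $IPTABLES -I FORWARD -i "$iface" -j "$CHAIN"
}

# count_rule_cmds IFACE MAC... : dry-run helper, number of iptables commands
count_rule_cmds() {
    ( IPTABLES=echo; apply_mac_allowlist "$@" ) 2>/dev/null | wc -l | tr -d ' '
}

# ./mac_allowlist.sh --apply   (prefix with IPTABLES=echo to only print rules)
if [ "${1:-}" = "--apply" ]; then apply_mac_allowlist "$LAN_IF" $ALLOWED_MACS; fi
```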