Changes

Jump to navigation Jump to search
609 bytes added ,  17:39, 10 October 2010
added example code to Block mac address
Line 56: Line 56:  
  man iptables
 
  man iptables
 
The template fragment needs to be placed in the right order, so that other rules do not negate the rule eg
 
The template fragment needs to be placed in the right order, so that other rules do not negate the rule eg
  10blockIP
+
  20blockIP
 +
 
 +
Example:
 +
To block access based on the mac address of the NIC of the wokstation (not on IP)
 +
mkdir -p /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/
 +
pico -w /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/20Blockmac
 +
Add the following code to the fragment and save
 +
/sbin/iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j DROP
 +
(Replace XX.XX.XX.XX.XX.XX with actual mac address)
 +
 
 +
expand-template /etc/rc.d/init.d/masq
 +
/etc/init.d/masq restart
 +
 
 +
Check that blocking works as expected
 +
 
 +
To see the iptables that are in effect on your server, issue the command
 +
iptables --list
 +
or
 +
iptables -L
    
====Block outgoing ports====
 
====Block outgoing ports====
624

edits

Navigation menu