On Sat, 2004-03-06 at 21:53, John Lavin wrote:
> Hi all - want to set up a pretty locked down couple of iptables rules to
> block all traffic except for a few specific mac addresses for a wireless
> hub.

Put all the MACs for all the allowed interfaces in a file called
"allowed_interfaces" in the format xx:xx:xx:xx:xx:xx (xx == hex digits).
Then execute the following commands (as root, of course):

# iptables -P INPUT DROP
# iptables -P OUTPUT ACCEPT
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# for i in `cat allowed_interfaces`; do
    iptables -A INPUT -m mac --mac-source $i -j ACCEPT
  done
# iptables-save > /etc/iptables.conf

That will save the iptables config in /etc/iptables.conf. Most firewall
init.d scripts for Linux distros will load rules in /etc/iptables.conf upon
startup if the file exists. That will save you from having to write your
own script.

P.S. All this information is available in the iptables(8) man page.

-- 
Tobias DiPasquale, www.cbcg.net
202A 04C4 2CE6 B985 8520 88D6 CD25 1A6C B9B5 1595
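The procedure above, as an added example that is not part of the original thread: a POSIX sh script that validates every entry in allowed_interfaces, emits a complete ruleset in iptables-save format, and lets iptables-restore apply it atomically. It also adds the loopback accept the posted rules lack (a DROP policy on INPUT would otherwise block localhost) and restricts the MAC match to the wireless interface, since -m mac only sees the source MAC of the directly attached link. The interface name wlan0 is an assumption.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes the allow-list file
# format from the post (one xx:xx:xx:xx:xx:xx per line) and an interface name
# passed as the second argument (wlan0 below is an assumption).

# Validate one MAC: six hex pairs separated by colons.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print a ruleset in iptables-save format for the given file and interface.
# Returns non-zero on any malformed entry, so a bad line cannot silently
# shrink the allow-list (as `cat` in a for loop would).
build_ruleset() {
    file="$1"; iface="$2"
    allowed=""
    while IFS= read -r mac; do
        # skip blank lines and comments
        case "$mac" in ''|'#'*) continue ;; esac
        valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
        allowed="$allowed $mac"
    done < "$file"
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    # loopback would otherwise be dropped by the INPUT DROP policy
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
    for mac in $allowed; do
        # -m mac matches the link-layer source, so tie it to the wireless interface
        printf -- '-A INPUT -i %s -m mac --mac-source %s -j ACCEPT\n' "$iface" "$mac"
    done
    printf '%s\n' 'COMMIT'
}

# Stand-alone demo with a constructed allow-list (not from the post):
#   sh this_script.sh --demo
# Real use (as root): build_ruleset allowed_interfaces wlan0 | iptables-restore
if [ "${1:-}" = "--demo" ]; then
    f=$(mktemp)
    printf '00:11:22:33:44:55\naa:bb:cc:dd:ee:ff\n' > "$f"
    build_ruleset "$f" wlan0
    rm -f "$f"
fi
```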