Hello,

Continuing my quest for iptables enlightenment... I have a question about 'mac address' syntax. All options for mac and arp have been compiled into a gentoo-hardened kernel.

I'm using variations of this syntax in my script:

    # Rule to only allow ssh by MAC address
    iptables -A INPUT -i eth0 -p tcp -m mac --mac-source xx:xx:xx:xx:xx:xx \
        --source-port 1024:65535 -d <ip.address> --dport 22 -j ACCEPT

where the mac address xx...xx is the system allowed in via ssh, and the ip.address is that of the destination (/24 based) host.

The rule works well when packets have to traverse a firewall/router, as mac addresses do not get propagated (I think). However, when I use similar syntax to prevent a system on the same local (ethernet) segment from being able to ssh into a local system, it does prevent ssh access, as expected.

Granted, MAC addresses can be foiled, especially on the same segment, but how do I make this rule work? On a local segment, how would I modify the syntax so that only a select machine (maybe IP + MAC) could access a host, running iptables, via ssh?

Thoughts and ideas are most welcome.

James
-- 
[email protected] mailing list
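One way to express the "IP + MAC" restriction asked about above, as an added example that is not part of the original post: the allowed host is identified by both its address and its MAC, everything else on port 22 is logged and dropped, and a dry-run mode prints the rules so they can be reviewed without root. The interface name comes from the post; the addresses and MAC are constructed placeholders, and the `ipt` wrapper and `ssh_rules` function are this example's own.

```shell
#!/bin/sh
# Added example: restrict SSH on a host to one machine on the local segment,
# matched by BOTH source IP and source MAC. Not from the original post.

IFACE=eth0                       # from the post
HOST_IP=192.0.2.10               # constructed: the host running iptables
ALLOWED_IP=192.0.2.20            # constructed: the one machine allowed to ssh in
ALLOWED_MAC=00:11:22:33:44:55    # constructed placeholder MAC

# ipt prints the rule when DRY_RUN=1 so the ruleset can be reviewed as an
# unprivileged user; otherwise it applies the rule with iptables.
ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

ssh_rules() {
    # 1. Packets belonging to an already-accepted SSH session stay allowed.
    ipt -A INPUT -i "$IFACE" -p tcp --dport 22 \
        -m conntrack --ctstate ESTABLISHED -j ACCEPT
    # 2. A NEW SSH connection is accepted only if the IP and the MAC both match.
    #    -m mac compares the Ethernet source of the frame as it arrived, i.e.
    #    the last hop. On the same segment that is the sending host itself;
    #    behind a router it would be the router's MAC, so an IP+MAC pair is
    #    only meaningful for peers on the local segment.
    ipt -A INPUT -i "$IFACE" -p tcp --dport 22 -s "$ALLOWED_IP" -d "$HOST_IP" \
        -m mac --mac-source "$ALLOWED_MAC" -m conntrack --ctstate NEW -j ACCEPT
    # 3. Every other SSH attempt, including the right IP with the wrong MAC
    #    (or vice versa), is rate-limited to the log and dropped, so a
    #    mismatch between the two identifiers is visible to the defender.
    ipt -A INPUT -i "$IFACE" -p tcp --dport 22 \
        -m limit --limit 5/min -j LOG --log-prefix 'SSH-DENY: '
    ipt -A INPUT -i "$IFACE" -p tcp --dport 22 -j DROP
}

# Print the rules for review; rerun as root with DRY_RUN=0 to apply them.
DRY_RUN=1 ssh_rules
```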

