Here is what I did:

    iptables -t mangle -A PREROUTING -i eth1 -j mark_known_hosts
    iptables -t mangle -A mark_known_hosts -m mac --mac-source \
        00-01-29-87-1D-28 -s 80.97.155.130 -j MARK --set-mark 1

I marked the packets that I agree to forward. Then I accept them:

    iptables -A FORWARD -i eth1 -m mark --mark 1 -j ACCEPT

And how do I drop the ones I don't agree with? Is this enough:

    iptables -A INPUT -i eth1 -p tcp --syn -s 80.97.155.128/25 -m mark ! --mark 1 -j DROP

On Sat, 19 Feb 2005 15:52:37 +0200 (EET), Tarhon-Onu Victor <[EMAIL PROTECTED]> wrote:
> On Sat, 19 Feb 2005, Appended wrote:
>
> > iptables -A FORWARD -i eth1 -s 80.97.15.130 -m mac --mac-source
> > 00-01-29-87-1D-28 -j ACCEPT
>
> Do this in mangle/prerouting.
> Or, more elegantly and far less demanding in terms of your machine's
> CPU time, set up a static ARP table for each allocated IP, and for the
> unallocated ones assign a bogus MAC that you then block in the
> firewall. Hints: man arp, see arp -s, see the format of the ethers file.

---
Details about our mailing lists: http://www.lug.ro/
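
The two approaches discussed in this thread (marking known IP/MAC pairs in mangle, and static ARP entries), as an added example that is not part of the original messages: a script that generates both rule sets from one allow-list and rejects malformed MACs. The host list beyond the first pair, the function names and the final FORWARD drop are assumptions.

```shell
#!/bin/sh
# Added example: emits rules, does not run them. Review the output before applying.
IFACE=eth1
# Constructed allow-list, one "IP MAC" pair per line. The first pair is the
# one from the thread; the other two are made up (the last is malformed).
HOSTS='80.97.155.130 00-01-29-87-1D-28
80.97.155.131 00:0c:29:aa:bb:cc
80.97.155.132 00:11:22:33:44'

# Normalise a MAC to upper-case colon notation; fail if it is malformed.
norm_mac() {
    m=$(printf '%s' "$1" | tr 'a-f-' 'A-F:')
    printf '%s\n' "$m" | grep -Eqx '([0-9A-F]{2}:){5}[0-9A-F]{2}' || return 1
    printf '%s\n' "$m"
}

# Print the mangle marking rules, the FORWARD accept, and a final drop.
gen_rules() {
    echo "iptables -t mangle -N mark_known_hosts"
    echo "iptables -t mangle -A PREROUTING -i $IFACE -j mark_known_hosts"
    printf '%s\n' "$HOSTS" | while read -r ip mac; do
        [ -n "$ip" ] || continue
        mac=$(norm_mac "$mac") || { echo "skipped $ip: bad MAC" >&2; continue; }
        echo "iptables -t mangle -A mark_known_hosts -m mac --mac-source $mac -s $ip -j MARK --set-mark 1"
    done
    echo "iptables -A FORWARD -i $IFACE -m mark --mark 1 -j ACCEPT"
    # Assumption: everything else forwarded from this interface is dropped.
    echo "iptables -A FORWARD -i $IFACE -j DROP"
}

# Print static ARP entries (arp -s) for the same pairs.
gen_arp() {
    printf '%s\n' "$HOSTS" | while read -r ip mac; do
        mac=$(norm_mac "$mac") || continue
        echo "arp -s $ip $mac"
    done
}

gen_rules
gen_arp
```

The malformed third entry is reported on stderr and produces neither a mark rule nor an ARP entry, so a typo in the list cannot silently admit or pin the wrong address.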
