Tobias DiPasquale on 7 Mar 2004 03:14:02 -0000



Re: [PLUG] iptables question


On Sat, 2004-03-06 at 21:53, John Lavin wrote:
> Hi all - want to set up a pretty locked down couple of iptables rules to
> block all traffic except for a few specific mac addresses for a wireless
> hub.

Put all the MACs for all the allowed interfaces in a file called
"allowed_interfaces" in the format xx:xx:xx:xx:xx:xx (xx == hex digits).
Then execute the following commands (as root, of course):

# iptables -P INPUT DROP
# iptables -P OUTPUT ACCEPT
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# for i in `cat allowed_interfaces`; do
    iptables -A INPUT -m mac --mac-source $i -j ACCEPT
  done
# iptables-save > /etc/iptables.conf

That will save the iptables config in /etc/iptables.conf. Most firewall
init.d scripts for Linux distros will load rules in /etc/iptables.conf
upon startup if the file exists. That will save you from having to write
your own script.

P.S. All this information is available in the iptables(8) man page.

-- 
Tobias DiPasquale, www.cbcg.net
202A 04C4 2CE6 B985 8520  88D6 CD25 1A6C B9B5 1595
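
The script below is an added example, not code from the post above or from the iptables project. It builds the same MAC-allowlist ruleset the reply describes, but reads the allowed_interfaces file through a validator first: the post's loop hands every line of the file straight to iptables, so one malformed entry makes iptables exit with an error part-way through the run. Two changes from the post's sequence are additions of my own: a rule accepting loopback (otherwise new connections to 127.0.0.1 fall through to the DROP policy), and setting the policies after the accept rules rather than before, so an interrupted run does not leave INPUT at DROP with no exceptions. The function names (is_mac, run, build_rules), the DRY_RUN variable and the sample MAC addresses are made up for this example; it defaults to a dry run that prints the commands, and applies them only when run as root with DRY_RUN=0 and the list file as its argument.

```shell
#!/bin/sh
# Added example, not code from the original post: build the MAC-allowlist
# ruleset described in the reply from a file of MAC addresses, validating
# each entry before it reaches iptables. Defaults to a dry run (commands
# are printed, not executed); use DRY_RUN=0 as root to apply them.
: "${DRY_RUN:=1}"

# is_mac ADDR: succeed if ADDR looks like xx:xx:xx:xx:xx:xx (hex digits).
is_mac() {
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# run CMD...: print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# build_rules FILE: emit the ruleset for the MACs listed in FILE.
# Blank lines and '#' comments are ignored; malformed entries are skipped
# and reported on stderr, and the function returns 1 if any were seen.
build_rules() {
    file=$1
    bad=0
    # Loopback accept is an addition not in the post; without it, new
    # connections to 127.0.0.1 would hit the DROP policy.
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    while IFS= read -r line || [ -n "$line" ]; do
        # strip a trailing comment and surrounding whitespace
        mac=$(printf '%s' "$line" | sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -z "$mac" ] && continue
        if is_mac "$mac"; then
            run iptables -A INPUT -m mac --mac-source "$mac" -j ACCEPT
        else
            printf 'skipping malformed entry: %s\n' "$line" >&2
            bad=1
        fi
    done < "$file"
    # Policies are set last (the post sets them first) so an existing remote
    # session is not cut off before its RELATED,ESTABLISHED rule exists.
    run iptables -P INPUT DROP
    run iptables -P OUTPUT ACCEPT
    return $bad
}

if [ $# -gt 0 ]; then
    build_rules "$1"
else
    # No file given: dry-run over a constructed sample list (made up for
    # this example) that includes one deliberately malformed line.
    DRY_RUN=1
    sample=$(mktemp)
    printf '00:11:22:33:44:55\n# printer\nAA:bb:CC:dd:EE:ff\nnot-a-mac\n' > "$sample"
    build_rules "$sample" || printf 'one or more entries were skipped\n' >&2
    rm -f "$sample"
fi
```

Run it with no arguments to see the commands it would issue for the built-in sample (the "not-a-mac" line is reported and skipped). To apply a real list, follow the post's advice afterwards with iptables-save, e.g. `DRY_RUN=0 sh mac-allow.sh allowed_interfaces && iptables-save > /etc/iptables.conf`; the script name mac-allow.sh is just a placeholder.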
