Portál AbcLinuxu, 12. května 2025 13:49
Ahoj,
prosim o radu, mam OpenSuse 10.2, pouzivam YAST k nastaveni firewallu. Docetl jsem se, ze jde pouze scriptovací frontend pro iptables. Potreboval bych filtrovat klientske stanice podle MACu pro pristup k internetu. Mam 2 rozhrani - LAN, WAN a maskaradu.
Nasel jsem toto (vyhovuje mi i e to je whitelist):
> What I'm looking to do is be able to filter what goes through the nat to
> the outside world based on MAC address. It's going to be an all or
> nothing... either the MAC address is allowed to go out, or it isn't.
>
> How can I enable/disable internet access on a network for a MAC address,
> for computers going through a linux IP MASQ/NAT to the outside world?
Why don't you use the Mac-match module?
ALLOWED_MACS="01:02:03:04:05:06 06:05:04:03:02:01"
iptables -P FORWARD DROP
for allowed_mac in $ALLOWED_MACS ; do
iptables -A FORWARD -i eth0 -o ppp0 -m mac \
--mac-source "${allowed_mac}" -j ACCEPT
done
and natting as usual.
root# iptables -V
iptables v1.2.6a
Jak to aplikovat? Byl bych rad, aby zustala moznost uprav i z YAST. Diky za kazdou radu.
Bimbo
No tak to napiš v Yastu jako vlastní pravidlo.
Tiskni
Sdílej:
ISSN 1214-1267, (c) 1999-2007 Stickfish s.r.o.