Bert Beaudin
2003-Oct-07 09:33 UTC
[Shorewall-users] Blocking local clients by Mac address
Kool. I am trying to use the following at the end of my rules file

REJECT loc:~00-06-5B-CE-6B-73 net tcp -
REJECT loc:~00-06-5B-CE-6B-73 net udp -

But this is not working. I have also tried to add the following to the
blacklist file

~00-06-5B-CE-6B-73 tcp
~00-06-5B-CE-6B-73 udp

I have the following in my interface file:
net eth0 detect dhcp,routefilter,blacklist
loc eth1 detect blacklist

I also have CONFIG_IP_NF_MATCH_MAC=y in my kernel

Any help would be great.

Thanks,
Bert

On Tue, 2003-10-07 at 08:46, Bert Beaudin wrote:
> Hello all
> I have shorewall 1.4.6c and I need to be able to block clients on my
> local lan by Mac address since they get their IP from DHCP. Can I do
> this?
>

Yes.

-Tom
--
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA \ teastep@shorewall.net

On Tue, 2003-10-07 at 09:33, Bert Beaudin wrote:
> Kool. I am trying to use the following at the end of my rules file
>
> REJECT loc:~00-06-5B-CE-6B-73 net tcp -
> REJECT loc:~00-06-5B-CE-6B-73 net udp -
>
> But this is not working. I have also tried to add the following to the
> blacklist file
>
> ~00-06-5B-CE-6B-73 tcp
> ~00-06-5B-CE-6B-73 udp
>
> I have the following in my interface file:
> net eth0 detect dhcp,routefilter,blacklist
> loc eth1 detect blacklist
>
> I also have CONFIG_IP_NF_MATCH_MAC=y in my kernel
>
> Any help would be great.
>

Please send the output of shorewall status as an attachment.

Thanks,
-Tom
--
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA \ teastep@shorewall.net