curlybraces
2003-Nov-26 04:52 UTC
[Shorewall-users] DHCP / Cable modem - Block & Allow MACs
Hi, can somebody tell me how to block the incoming packets MAC-address-wise? Pls, this is very urgent. I want to block all the MACs which are trying to come in to the DHCP server. Finally I would be able to allow only the trusted users. This concept will finally be added to the cable modem setup. But I really need your help to do this, because I'm new to Shorewall and iptables. Pls help. Thanks.
Benny Pedersen
2003-Nov-26 05:09 UTC
[Shorewall-users] DHCP / Cable modem - Block & Allow MACs
On Wednesday 26 November 2003 13:49, curlybraces wrote:
> can some body tell me hiow the MAC address wise block the incomming packets ?

http://www.shorewall.net/ but I bet your dhcpd server could handle this natively without need for a firewall :-)

> pls this is very urgent .

Yes, Santa is around the corner :)
Tom Eastep
2003-Nov-26 06:55 UTC
[Shorewall-users] DHCP / Cable modem - Block & Allow MACs
On Wed, 2003-11-26 at 04:49, curlybraces wrote:
> pls this is very urgent .

Urgent problems are often best solved by looking at the documentation. Entering "MAC" in the "Quick Search" form at the top of the Shorewall Home page returns a number of useful references.

Shorewall supports "MAC Verification" where you can restrict the traffic into an interface to a set of MAC addresses. Optionally, each MAC address may be restricted to a set of one or more IP addresses.

http://www.shorewall.net->Documentation->MAC Verification

You might also try looking at the rules file documentation (either on-line or in your /etc/shorewall/rules file itself) -- the SOURCE zone of a rule may be qualified with a MAC address so you can create specific rules to allow/deny traffic by MAC address.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
Tom Eastep
2003-Nov-26 07:21 UTC
[Shorewall-users] DHCP / Cable modem - Block & Allow MACs
On Wed, 2003-11-26 at 06:55, Tom Eastep wrote:
> Shorewall supports "MAC Verification" where you can restrict the traffic
> into an interface to a set of MAC addresses. Optionally, each MAC
> address may be restricted to a set of one or more IP addresses.
>
> http://www.shorewall.net->Documentation->MAC Verification
>
> You might also try looking at the rules file documentation (either
> on-line or in your /etc/shorewall/rules file itself) -- the SOURCE zone
> of a rule may be qualified with a MAC address so you can create specific
> rules to allow/deny traffic by MAC address.

In your case, however, I agree with Benny Pedersen -- the problem is much better solved using configuration features of your DHCP server. DHCP servers on Linux use RAW sockets and trying to filter DHCP with iptables (Shorewall) will produce odd and rather unsatisfactory results.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
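
Added example, not part of the thread or of Shorewall: a small generator that turns a list of trusted MACs into a DHCP-server allowlist, the approach both replies recommend. It assumes ISC dhcpd syntax (the thread only says "dhcpd server"); the host names, MAC addresses and 192.0.2.0/24 range are constructed, and `shorewall_mac` emits the `~`-prefixed form Shorewall uses when a rule's SOURCE is qualified with a MAC.

```python
import re

# Constructed sample allowlist; names and locally administered MACs are made up.
TRUSTED = {"modem-01": "02:00:5E:10:00:01", "modem-02": "02-00-5e-10-00-02"}

def normalize_mac(raw):
    """Return 12 lowercase hex digits; reject malformed or non-unicast input."""
    s = raw.strip().lower()
    if not re.fullmatch(r"[0-9a-f]{2}([:-][0-9a-f]{2}){5}", s):
        raise ValueError(f"not a MAC address: {raw!r}")
    digits = re.sub(r"[:-]", "", s)
    if int(digits[:2], 16) & 1:  # group bit set: multicast or broadcast
        raise ValueError(f"not a unicast client address: {raw!r}")
    return digits

def _join(digits, sep):
    return sep.join(digits[i:i + 2] for i in range(0, 12, 2))

def dhcpd_mac(raw):
    """Colon-separated form for dhcpd 'hardware ethernet' statements."""
    return _join(normalize_mac(raw), ":")

def shorewall_mac(raw):
    """'~XX-XX-...' form for a MAC-qualified SOURCE in /etc/shorewall/rules."""
    return "~" + _join(normalize_mac(raw).upper(), "-")

def render_dhcpd(trusted, subnet, netmask, first, last):
    """Emit host entries plus a pool that refuses leases to unlisted MACs."""
    seen, lines = {}, []
    for name, raw in sorted(trusted.items()):
        # Names go into the config verbatim, so keep them to a safe alphabet.
        if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9-]*", name):
            raise ValueError(f"unsafe host name: {name!r}")
        mac = dhcpd_mac(raw)
        if mac in seen:
            raise ValueError(f"{name} repeats the MAC of {seen[mac]}")
        seen[mac] = name
        lines.append(f"host {name} {{ hardware ethernet {mac}; }}")
    lines += [f"subnet {subnet} netmask {netmask} {{",
              "  pool {",
              f"    range {first} {last};",
              "    deny unknown-clients;  # only hosts declared above get a lease",
              "  }",
              "}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(render_dhcpd(TRUSTED, "192.0.2.0", "255.255.255.0",
                       "192.0.2.10", "192.0.2.50"))
```

A MAC allowlist only keeps out clients that present an unlisted address; a client can set its own MAC, so treat this as lease hygiene rather than authentication.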