[Shorewall-users] allowonly list for MAC-addresses

Tom Eastep teastep@shorewall.net
Wed, 24 Apr 2002 17:29:10 -0700 (Pacific Daylight Time)

On Thu, 25 Apr 2002, Magnus Stenman wrote:

> What would be the best (and most efficient) way of *only* allowing
> certain MAC addresses in packets arriving to an interface?
> "blacklist" and "common" don't seem to be the right place...
> something like a dead-end chain passed before everything else, which
> certain MAC addresses will bypass.
> I'm thinking of grepping out all the "registered" MAC addresses
> from my DHCP config automatically, to make wlan and empty ethernet
> socket hi-jacking a bit trickier.

Create /etc/shorewall/start, get out your iptables documentation and add
what you think you need. You will probably want to insert the jump to your
table in the mangle PREROUTING chain. Be sure to insert it before the
Shorewall generated rules.

Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
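
One way to combine the two ideas in this thread (a MAC list pulled from the DHCP config, and a chain jumped to from the head of mangle PREROUTING), as an added example that is not from the original messages or from Shorewall itself. The chain name macallow, the interface eth1 and the dhcpd.conf excerpt are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; chain name, interface and sample data are assumptions.

# Constructed ISC dhcpd.conf excerpt. In real use, read /etc/dhcpd.conf instead.
SAMPLE_DHCPD_CONF='
host laptop  { hardware ethernet 00:11:22:33:44:55; fixed-address 192.168.1.10; }
host printer { hardware ethernet 00:aa:bb:cc:dd:ee; fixed-address 192.168.1.11; }
# host old   { hardware ethernet 00:de:ad:be:ef:00; }
host dup     { hardware ethernet 00:11:22:33:44:55; }
host broken  { hardware ethernet 00:11:22:33:44; }
'

# Read dhcpd.conf on stdin; print each registered MAC once, upper-cased.
# Commented-out and malformed entries are skipped.
extract_macs() {
    sed 's/#.*//' |
    grep -Eio 'hardware[[:space:]]+ethernet[[:space:]]+([0-9a-f]{2}:){5}[0-9a-f]{2}[[:space:]]*;' |
    grep -Eio '([0-9a-f]{2}:){5}[0-9a-f]{2}' |
    tr 'a-f' 'A-F' | sort -u
}

# Read MACs on stdin; print the iptables commands for interface $1.
emit_rules() {
    iface=$1
    chain=macallow                      # hypothetical chain name
    macs=$(cat)
    if [ -z "$macs" ]; then
        # An empty list would leave only the final DROP: refuse.
        echo "no MAC addresses found; not building a drop-all chain" >&2
        return 1
    fi
    echo "iptables -t mangle -N $chain"
    for mac in $macs; do
        echo "iptables -t mangle -A $chain -m mac --mac-source $mac -j RETURN"
    done
    echo "iptables -t mangle -A $chain -j DROP"
    # Insert at position 1 so the jump precedes the Shorewall-generated rules.
    echo "iptables -t mangle -I PREROUTING 1 -i $iface -j $chain"
}

# Dry run on the constructed sample: prints the commands, changes nothing.
printf '%s\n' "$SAMPLE_DHCPD_CONF" | extract_macs | emit_rules eth1
```

To apply the rules from /etc/shorewall/start, feed the real DHCP config to extract_macs and pipe the output of emit_rules into sh. The source MAC is set by the sender, so this filters out unregistered hosts rather than authenticating registered ones.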