[Shorewall-users] Blocking local clients by Mac address

Bert Beaudin bert at spininart.com
Tue Oct 7 11:33:42 PDT 2003

Kool. I am trying to use the following at the end of my rules file

REJECT          loc:~00-06-5B-CE-6B-73         net     tcp     -
REJECT          loc:~00-06-5B-CE-6B-73         net     udp     -

But this is not working. I have also tried to add the following to the
blacklist file

~00-06-5B-CE-6B-73     tcp
~00-06-5B-CE-6B-73     udp

I have the following in my interface file:
net     eth0            detect          dhcp,routefilter,blacklist
loc     eth1            detect          blacklist

I also have CONFIG_IP_NF_MATCH_MAC=y in my kernel

Any help would be great.


On Tue, 2003-10-07 at 08:46, Bert Beaudin wrote:
> Hello all
> 	I have shorewall 1.4.6c and I need to be able to block clients on my
> local lan by Mac address since they get their IP from DHCP. Can I do
> this?


Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
