Results 1 to 3 of 3
I want to allow MAC address based authentication without ip address. For that source mac address is match in PREROUTING . ipset create macbasedusers bitmap:ip,mac range 10.104.1.0/24 ipset add macbasedusers ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 02-23-2012 #1
- Join Date
- Mar 2011
ipset ( mac address match in postrouting )
For that source mac address is match in PREROUTING .
ipset create macbasedusers bitmap:ip,mac range 10.104.1.0/24
ipset add macbasedusers 10.104.1.122,00:19:b9:76:b9:b8 (Currently I have add ip manually for testing).
iptables -t mangle -I PREROUTING -m set --match-set macbasedusers src,src -j ACCEPT
now in POSTROUTING this condition is not match for destination because there is no MAC address match in POSTROUTING its work on ip layer.
But my requirement is to allow flow only based on MAC ADDRESS. I want to create system in only MAC based authentication is there.
So how to match MAC ADDRESS in POSTROUTING.???
- 02-24-2012 #2
- Join Date
- Jan 2011
- Fairfax, Virginia, USA
Holly cow this is amazing! Thank you for the insight into ipset ... I never knew this existed.
- 02-24-2012 #3
My question is why would you want to do this POST? I see no reason for this to happen POST as this decision should be one of the first ones done before the packet is routed. Why go through all the routing just to drop it in the end?
The adventure of a life time.
Linux User #296285