Find the answer to your Linux question:
Results 1 to 3 of 3
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    ipset ( mac address match in postrouting )

    I want to allow MAC address based authentication without ip address.
    For that source mac address is match in PREROUTING .

    ipset create macbasedusers bitmap:ip,mac range
    ipset add macbasedusers,00:19:b9:76:b9:b8 (Currently I have add ip manually for testing).

    iptables -t mangle -I PREROUTING -m set --match-set macbasedusers src,src -j ACCEPT

    now in POSTROUTING this condition is not match for destination because there is no MAC address match in POSTROUTING its work on ip layer.
    But my requirement is to allow flow only based on MAC ADDRESS. I want to create system in only MAC based authentication is there.

    So how to match MAC ADDRESS in POSTROUTING.???

  2. #2
    Just Joined!
    Join Date
    Jan 2011
    Fairfax, Virginia, USA
    Holly cow this is amazing! Thank you for the insight into ipset ... I never knew this existed.

  3. #3
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    The Keystone State
    My question is why would you want to do this POST? I see no reason for this to happen POST as this decision should be one of the first ones done before the packet is routed. Why go through all the routing just to drop it in the end?


    The adventure of a life time.

    Linux User #296285
    Get Counted


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts