Results 1 to 3 of 3
Splunking at my logs I found a long chain of unauthorized entries, already captured the IP's and MAC addresses, actually I use firestarter as my firewall solution but It doesn't ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 02-16-2006 #1
Question: How do I block someone using MAC or IP Address? (IPTables)
Splunking at my logs I found a long chain of unauthorized entries, already captured the IP's and MAC addresses, actually I use firestarter as my firewall solution but It doesn't allow me to introduce and Inbound "Black list" so I thought using IPTables...
How can I block this buggy guys trying to flood my server using iptables with MAC filtering (preferrable) or IP (last solution)? Please try to give me a full syntax and some little samples.
I'm still an trainee and training the hard way (by my own and continously reading my logs @.@) 'cause they don't teach this right now at my college (I'm a Linux geek Freshman XD), so please, patience about this question.
Thx for reading, I appreciate your answers & comments
- 02-18-2006 #2
- Join Date
- Feb 2006
/sbin/iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j DROP /sbin/iptables -A INPUT -s <address[/mask]> -j DROP
For example this could be a file which you load with iptables-restore (because iptables interpretes this, you don't need to give "/sbin/iptables"). Note this example config won't give a full protection for you!
*filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m mac --mac-source 00:00:00:00:00:00 -j DROP -A INPUT -s 192.168.1.1 -j DROP COMMIT
- 02-20-2006 #3
Thanks 4 your help and pacience ! It really helps me a lot !
Well... I'm going to still searching effective ways to stop attacks, still learning and I thought It would be easy to stop them via MAC...
Thank you ! See you around.