Question: How do I block someone using MAC or IP Address? (IPTables)

[dothacktsukimoto]

Splunking at my logs I found a long chain of unauthorized entries, already captured the IP's and MAC addresses, actually I use firestarter as my firewall solution but It doesn't allow me to introduce and Inbound "Black list" so I thought using IPTables...

How can I block this buggy guys trying to flood my server using iptables with MAC filtering (preferrable) or IP (last solution)? Please try to give me a full syntax and some little samples.

I'm still an trainee and training the hard way (by my own and continously reading my logs @.@) 'cause they don't teach this right now at my college (I'm a Linux geek Freshman XD), so please, patience about this question.

Thx for reading, I appreciate your answers & comments

[kavalakala]

Code:

/sbin/iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j DROP
/sbin/iptables -A INPUT -s <address[/mask]> -j DROP

The first drops packets from selected MAC-address, second drops packets from selected IP.

For example this could be a file which you load with iptables-restore (because iptables interpretes this, you don't need to give "/sbin/iptables"). Note this example config won't give a full protection for you!

Code:

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

-A INPUT -m mac --mac-source 00:00:00:00:00:00 -j DROP
-A INPUT -s 192.168.1.1 -j DROP

COMMIT

Remember also that MAC and IP are both easy to change or even spoof.

[dothacktsukimoto]

Thanks 4 your help and pacience ! It really helps me a lot !
Well... I'm going to still searching effective ways to stop attacks, still learning and I thought It would be easy to stop them via MAC...
Thank you ! See you around.