Find the answer to your Linux question:
Results 1 to 3 of 3
Splunking at my logs I found a long chain of unauthorized entries, already captured the IP's and MAC addresses, actually I use firestarter as my firewall solution but It doesn't ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined! dothacktsukimoto's Avatar
    Join Date
    Feb 2006
    Posts
    9

    Question: How do I block someone using MAC or IP Address? (IPTables)


    Splunking at my logs I found a long chain of unauthorized entries, already captured the IP's and MAC addresses, actually I use firestarter as my firewall solution but It doesn't allow me to introduce and Inbound "Black list" so I thought using IPTables...

    How can I block this buggy guys trying to flood my server using iptables with MAC filtering (preferrable) or IP (last solution)? Please try to give me a full syntax and some little samples.

    I'm still an trainee and training the hard way (by my own and continously reading my logs @.@) 'cause they don't teach this right now at my college (I'm a Linux geek Freshman XD), so please, patience about this question.

    Thx for reading, I appreciate your answers & comments

  2. #2
    Linux Newbie
    Join Date
    Feb 2006
    Location
    KP22
    Posts
    106
    Code:
    /sbin/iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j DROP
    /sbin/iptables -A INPUT -s <address[/mask]> -j DROP
    The first drops packets from selected MAC-address, second drops packets from selected IP.

    For example this could be a file which you load with iptables-restore (because iptables interpretes this, you don't need to give "/sbin/iptables"). Note this example config won't give a full protection for you!
    Code:
    *filter
    :INPUT DROP [0:0]
    :FORWARD DROP [0:0]
    :OUTPUT ACCEPT [0:0]
    
    -A INPUT -m mac --mac-source 00:00:00:00:00:00 -j DROP
    -A INPUT -s 192.168.1.1 -j DROP
    
    COMMIT
    Remember also that MAC and IP are both easy to change or even spoof.

  3. #3
    Just Joined! dothacktsukimoto's Avatar
    Join Date
    Feb 2006
    Posts
    9
    Thanks 4 your help and pacience ! It really helps me a lot !
    Well... I'm going to still searching effective ways to stop attacks, still learning and I thought It would be easy to stop them via MAC...
    Thank you ! See you around.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •