
    Configure MAC based Filtering using Iptables in Linux

    By Rahul | August 29, 2014

    Data security is always at the top of a system administrator's priorities. Admins try to keep every port that is not required closed to the public. Sometimes, though, we need to let some of our external users or clients reach the server via remote login, and in that case we need to open firewall ports. Generally we use IP addresses to allow or deny a client in iptables, but it is not guaranteed that every client has a static IP on their side, and then it is hard to open the port for their IPs again and again. In this situation we can use MAC-based filtering in iptables, as we know that MAC addresses are fixed and can't be changed. MAC addresses are also known as the physical or hardware address of the network interface card.

    Iptables has a module (mac) that filters packets by source MAC address, optionally combined with a port match. This article shows how to configure iptables to filter traffic based on MAC addresses.

    1. Allow Full Access to specific MAC

    The command below allows access on all ports to the system with physical address 3E:D7:88:A6:66:8E.

    # iptables -I INPUT -m mac --mac-source 3E:D7:88:A6:66:8E -j ACCEPT
    
    2. Allow/Deny SSH Access to Specific MAC

    The commands below allow or deny SSH access (port 22) to the system with physical address 3E:D7:88:A6:66:8E.
    To allow:

    # iptables -I INPUT -p tcp --dport 22 -m mac --mac-source 3E:D7:88:A6:66:8E -j ACCEPT
    

    To Deny:

    # iptables -I INPUT -p tcp --dport 22 -m mac --mac-source 3E:D7:88:A6:66:8E -j REJECT
    
    3. Restrict SSH to Everyone Except Specific MAC

    The command below rejects SSH access (port 22) from every host except the system with physical address 3E:D7:88:A6:66:8E (the ! negates the MAC match).

    # iptables -I INPUT -p tcp --dport 22 -m mac ! --mac-source 3E:D7:88:A6:66:8E -j REJECT
    
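    The three sections above are really one procedure: put an ACCEPT for the trusted MAC ahead of a REJECT for everyone else on port 22. The script below is an added example (not from the article) that builds those rules from a validated MAC, prints them by default, and applies them idempotently with iptables -C when APPLY=1 is set. It assumes iptables is in PATH and that the caller is root when applying; the MAC is the article's sample address. Two points a practitioner should keep in mind: the mac match only sees the source MAC of the frame as it arrives on the host's own interface, so it identifies clients on the directly attached LAN segment (a routed client shows up with the last-hop router's MAC), and a source MAC can be set by the sender, so this is a defence-in-depth layer on top of SSH key authentication, not a replacement for it.

```shell
#!/bin/sh
# Added example (not from the TecAdmin article): build and optionally apply an
# SSH allowlist keyed on a source MAC address, as sections 1-3 describe.
# Assumptions: iptables is in PATH, and the caller is root when APPLY=1.
# The default MAC is the sample address used throughout the article.
set -eu

# Return 0 when the argument looks like a colon-separated 48-bit MAC address.
valid_mac() {
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Print the two rules, one per line, in the order they must be applied.
# Order matters: the ACCEPT for the trusted MAC has to sit above the REJECT
# for everyone else, so both are appended with -A. Using -I for both (as the
# article's one-liners do) would leave the REJECT on top if it is run last.
ssh_mac_rules() {
    mac="$1"
    valid_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    printf 'iptables -A INPUT -p tcp --dport 22 -m mac --mac-source %s -j ACCEPT\n' "$mac"
    printf 'iptables -A INPUT -p tcp --dport 22 -m mac ! --mac-source %s -j REJECT --reject-with tcp-reset\n' "$mac"
}

# Apply the rules idempotently: iptables -C succeeds when an identical rule
# already exists, so re-running the script never duplicates rules.
apply_rules() {
    ssh_mac_rules "$1" | while IFS= read -r rule; do
        check=$(printf '%s' "$rule" | sed 's/iptables -A/iptables -C/')
        if $check 2>/dev/null; then
            echo "exists: $rule"
        else
            echo "adding: $rule"
            $rule
        fi
    done
}

# Usage: APPLY=1 ./mac-ssh-allow.sh 3E:D7:88:A6:66:8E   (as root)
# Without APPLY=1 the script only prints the rules it would add.
if [ "${APPLY:-0}" = 1 ]; then
    apply_rules "${1:-3E:D7:88:A6:66:8E}"
else
    ssh_mac_rules "${1:-3E:D7:88:A6:66:8E}"
fi
```

    After applying, verify with iptables -L INPUT -v -n --line-numbers and confirm the ACCEPT line has a lower number than the REJECT line; the mac match is only valid in the PREROUTING, INPUT and FORWARD chains, so these rules cannot be moved to OUTPUT.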

    References:
    About MAC Address: http://en.wikipedia.org/wiki/MAC_address
    For Iptables: http://en.wikipedia.org/wiki/Iptables


    1. Sanjeev on August 23, 2022 10:11 am

      Hello

      I’m unable to use this command. Using command number 3 I was unable to access my application from anywhere

    2. Anderlan on July 11, 2016 6:58 am

      Would you break down each one of those lines? I have a stank ass Chinese DVR that tries to tell an external IP its whereabouts whenever it's on (ARP who has DVR's address please tell particular IP in Michigan or some shite). I'd like to just say, don't forward anything from stank DVR MAC, ever.

      • Anderlan on July 11, 2016 7:05 am

        PS I’ve got some IP cams I want to set up in motion, too. I reckon they might try this funny business also. Pretty much any IoT thing I ever own, I want to just simply quash from ever getting on the internet at the MAC level. Just to have a simple policy and not worry any more. (All their business will be handled at my home server and it can handle any archival backup to the cloud (my VM) in its own custom way, thank you very much, conventional IoT setup.)

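    The setup the commenter asks about (a Linux box acting as the LAN router that never forwards traffic from particular device MACs) uses the same mac match in the FORWARD chain instead of INPUT. The script below is an added example, not part of the article or the comment thread: it reads a small constructed inventory of device MACs with labels and emits a rate-limited LOG rule followed by a DROP for each, so blocked egress attempts show up in the kernel log under the device's label. The MACs are placeholders, and it assumes iptables is in PATH and that the output is run as root to apply it. Note that iptables only sees IP traffic; ARP frames like the ones the commenter describes are not matched by these rules at all (that is the job of arptables or ebtables), and the mac match identifies a device only while it is on a LAN directly attached to the router.

```shell
#!/bin/sh
# Added example (not from the article or its comments): on a Linux router,
# drop and log everything that a listed LAN device tries to send through the
# FORWARD chain, so the device never reaches the internet.
# The -m mac match is valid only in PREROUTING, INPUT and FORWARD, which is
# why these rules live in FORWARD. Assumes iptables in PATH; run the printed
# commands as root to apply them.
set -eu

# Constructed sample inventory: one "MAC  label" per line, '#' starts a comment.
DEVICES='
# mac                label
00:11:22:33:44:55    dvr
00:11:22:33:44:66    ipcam-front
'

# Return 0 when the argument looks like a colon-separated 48-bit MAC address.
valid_mac() {
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Print the two rules for one device: a rate-limited LOG (so a chatty device
# cannot flood the kernel log) and then the DROP. Both are appended with -A
# so the LOG stays above the DROP. The label has no spaces, so the prefix
# needs no quoting when the line is executed.
device_forward_block_rules() {
    mac="$1"; label="${2:-iot}"
    valid_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    printf 'iptables -A FORWARD -m mac --mac-source %s -m limit --limit 5/min -j LOG --log-prefix %s-egress:\n' "$mac" "$label"
    printf 'iptables -A FORWARD -m mac --mac-source %s -j DROP\n' "$mac"
}

# Walk the inventory, skipping comments and blank lines, and print the rules
# for every listed device.
forward_block_rules() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        line="${line%%#*}"          # strip trailing comments
        set -- $line                # split into MAC and label
        [ $# -ge 1 ] || continue    # blank line
        device_forward_block_rules "$1" "${2:-iot}"
    done
}

# Usage: ./iot-egress-block.sh            (prints the rules)
#        ./iot-egress-block.sh | sudo sh  (applies them on the router)
forward_block_rules "$DEVICES"
```

    Blocked attempts then appear in dmesg or the kernel log with the prefix dvr-egress: or ipcam-front-egress:, which is the quickest way to confirm the rule is matching the device you expect before trusting it. DROP rather than REJECT is deliberate here: the device gets no feedback and simply times out, which keeps the router from answering a possibly spoofed source.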
