
    Configure MAC based Filtering using Iptables in Linux

    By Rahul, August 29, 2014

    Data security is always a top priority for system administrators. Administrators try to keep every port that is not required closed to the public. But sometimes we need to give some external users or clients access to the server via remote login, and in that case we need to open firewall ports. Generally we use IP addresses to allow or deny a client via iptables, but not every client has a static IP on their side, which makes it hard to keep opening ports for their changing IPs. In this situation we can use MAC based filtering in iptables, since the MAC address is the physical/hardware address of the network interface card and stays the same when the client's IP address changes. Keep in mind that the mac match checks the source address of the Ethernet frame as it reaches the server, so it only identifies hosts on the same local network segment, and that this address can be overridden in software, so use it alongside SSH authentication rather than in place of it.

    Iptables has a module which provides MAC based filtering of packets on specific ports. This article will help you configure iptables to filter traffic based on MAC addresses.

    1. Allow Full Access to specific MAC

    The command below allows the system having physical address 3E:D7:88:A6:66:8E to access all ports.

    # iptables -I INPUT -m mac --mac-source 3E:D7:88:A6:66:8E -j ACCEPT
    
    2. Allow/Deny SSH Access to Specific MAC

    The commands below allow or deny SSH access (port 22) for the system having physical address 3E:D7:88:A6:66:8E.
    To allow:

    # iptables -I INPUT -p tcp --dport 22 -m mac --mac-source 3E:D7:88:A6:66:8E -j ACCEPT
    

    To Deny:

    # iptables -I INPUT -p tcp --dport 22 -m mac --mac-source 3E:D7:88:A6:66:8E -j REJECT
    
    3. Restrict SSH to Everyone Except Specific MAC

    The command below rejects SSH access (port 22) from every system except the one having physical address 3E:D7:88:A6:66:8E.

    # iptables -I INPUT -p tcp --dport 22 -m mac ! --mac-source 3E:D7:88:A6:66:8E -j REJECT
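
    The negated match in section 3 only works for a single address: with two `! --mac-source` REJECT rules, each rule would reject the other client. The script below is an added example, not part of the original article, that prints an allowlist rule set for several MACs instead; the chain name SSH_MAC and the second MAC address are constructed for illustration.

```shell
#!/bin/sh
# Added example: emit iptables commands that restrict SSH to an allowlist of MACs.
# The chain name SSH_MAC and the sample addresses are assumptions for illustration.

# Return 0 only for six colon-separated hex octets (the form --mac-source expects).
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the rule set for the given MACs; nothing is printed if any MAC is malformed.
ssh_mac_rules() {
    [ "$#" -gt 0 ] || { echo "refusing to build an empty allowlist" >&2; return 1; }
    for mac in "$@"; do
        valid_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    done
    echo "iptables -N SSH_MAC"
    for mac in "$@"; do
        echo "iptables -A SSH_MAC -m mac --mac-source $mac -j ACCEPT"
    done
    # Any source that matched no allowlisted MAC is rejected.
    echo "iptables -A SSH_MAC -j REJECT"
    # Hook the chain in last so SSH is never sent to a half-built chain.
    echo "iptables -I INPUT -p tcp --dport 22 -j SSH_MAC"
}

# Print the commands for review (constructed sample MACs).
ssh_mac_rules 3E:D7:88:A6:66:8E 52:54:00:12:34:56
```

    The script only prints the commands; review the output, then run it as root from a console session so a mistake cannot lock you out of SSH.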
    


    2 Comments

    1. Anderlan on July 11, 2016 6:58 am

      Would you break down each one of those lines? I have a stank ass Chinese DVR that tries to tell external IP its whereabouts whenever it’s on (ARP who has DVR’s address please tell particular IP in Michigan or some shite). I’d like to just say, don’t forward anything from stank DVR mac, ever.

      • Anderlan on July 11, 2016 7:05 am

        PS I’ve got some IP cams I want to set up in motion, too. I reckon they might try this funny business also. Pretty much any IoT thing I ever own, I want to just simply quash from ever getting on the internet at the MAC level. Just to have a simple policy and not worry any more. (All their business will be handled at my home server and it can handle any archival backup to the cloud (my VM) in its own custom way, thank you very much, conventional IoT setup.)
