Recipe 2.11 Controlling Access by MAC Address

Previous page
Table of content
Next page

2.11.1 Problem

You want only a particular machine, identified by its MAC address, to access your system.

2.11.2 Solution

# iptables -F INPUT # iptables -A INPUT -i lo -j ACCEPT # iptables -A INPUT -m mac --mac-source 12:34:56:89:90:ab -j ACCEPT # iptables -A INPUT -j REJECT

ipchains does not support this feature.

2.11.3 Discussion

This technique works only within your local subnet. If you receive a packets from a machine outside your subnet, it will contain your gateway's MAC address, not that of the original source machine.

MAC addresses can be spoofed. Suppose you have a machine called mackie whose MAC address is trusted by your firewall. If an intruder discovers this fact, and mackie is down, the intruder could spoof mackie's MAC address and your firewall would be none the wiser. On the other hand, if mackie is up during the spoofing, its kernel will start screaming (via syslog) about duplicate MAC addresses.

Note that our recipe permits local connections from your own host; these arrive via the loopback interface.

2.11.4 See Also

iptables(8), ipchains(8).

Previous page
Table of content
Next page
Linux Security Cookbook
Linux Security Cookbook
ISBN: 0596003919
EAN: 2147483647
Year: 2006
Pages: 247
Authors: Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes
BUY ON AMAZON
Introducing Microsoft Office InfoPath 2003 (Bpg-Other)
VBScript Programmers Reference
Service-Oriented Architecture (SOA): Concepts, Technology, and Design
Microsoft WSH and VBScript Programming for the Absolute Beginner
Comparing, Designing, and Deploying VPNs
The Oracle Hackers Handbook: Hacking and Defending Oracle
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy