In Ubuntu 16.04 LTS, I typed the following lines:

iptables -F
iptables -X
iptables -A INPUT -m mac --mac-source 1C:**:2C:**:72:**:78 -j ACCEPT

Here is the result of iptables -L -nvx.

I can't access my web server (port 80) from the machine whose MAC address is 1C:**:2C:**:72:**:78.

However, with the rule iptables -P INPUT ACCESS on the web server, it works well.

Could anyone give me any solution or advice for this?

Thanks.

Jeff Bencteux
Mike Min

2 Answers

I believe that it will not work for you unless your PC is on the same LAN as the web server, because if you were on a different LAN then your packets would reach the server with the MAC address of the last network interface before the web server (which is the network switch interface MAC address).

So you can filter the packets based on MAC address only if you are on the same LAN.

M Qudah
  • Thank you. Then usually which method is used for the filtering? Please let me know the way or any advice for it... – Mike Min Apr 27 '16 at 11:09
  • You can allow your public IP, unless you are behind a NATed IP and you do not want to allow the entire network behind the NATed IP to access your server, or you do not have a static IP; if so, then as far as I know there is no way to restrict the access to your PC except if you have a VPN connection to your server. – M Qudah Apr 27 '16 at 14:01
You need to supply the MAC address in the form xx:xx:xx:xx:xx:xx, not with :: in between. I.e.:

iptables -A INPUT -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT

From man iptables:

--mac-source [!] address

Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX. Note that this only makes sense for packets coming from an Ethernet device and entering the PREROUTING, FORWARD or INPUT chains.

molivier
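As an added illustration of both answers (example code, not from either answerer), a small Python model of the point they make: a router rewrites the Ethernet source MAC at every hop while the IP source survives, so a --mac-source rule only matches a client on the server's own LAN, and the validator enforces the XX:XX:XX:XX:XX:XX form the man page quotes. All addresses are constructed; nothing here touches real iptables.

```python
import re
from dataclasses import dataclass, replace
# Constructed sample addresses (not the asker's redacted MAC).
CLIENT_MAC = "1c:11:2c:22:72:33"
CLIENT_IP = "192.0.2.10"
ROUTER_LAN_MAC = "02:aa:bb:cc:dd:01"   # router interface facing the client
ROUTER_SRV_MAC = "02:aa:bb:cc:dd:02"   # router interface facing the server
SERVER_MAC = "02:ee:ff:00:11:22"
SERVER_IP = "198.51.100.80"
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")

def valid_mac_source(addr: str) -> bool:
    """The form man iptables demands for --mac-source: XX:XX:XX:XX:XX:XX."""
    return MAC_RE.match(addr) is not None

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    dport: int

def route_hop(frame: Frame, out_mac: str, next_hop_mac: str) -> Frame:
    """A router strips the L2 header and writes a new one; L3 is untouched."""
    return replace(frame, src_mac=out_mac, dst_mac=next_hop_mac)

def mac_source_rule(allowed_mac: str):
    """Model of: iptables -A INPUT -m mac --mac-source <allowed_mac> -j ACCEPT"""
    if not valid_mac_source(allowed_mac):
        raise ValueError("--mac-source must be XX:XX:XX:XX:XX:XX")
    return lambda f: f.src_mac.lower() == allowed_mac.lower()

def ip_source_rule(allowed_ip: str):
    """Model of: iptables -A INPUT -s <allowed_ip> -j ACCEPT"""
    return lambda f: f.src_ip == allowed_ip

def deliver(frame: Frame, same_lan: bool) -> Frame:
    """What the server's INPUT chain sees, with or without a router in between."""
    if same_lan:
        return frame
    return route_hop(frame, ROUTER_SRV_MAC, SERVER_MAC)

def client_frame(same_lan: bool) -> Frame:
    first_hop = SERVER_MAC if same_lan else ROUTER_LAN_MAC
    return Frame(CLIENT_MAC, first_hop, CLIENT_IP, SERVER_IP, 80)

def accepted(same_lan: bool, rule) -> bool:
    """True when the modelled rule would ACCEPT the client's port-80 packet."""
    return rule(deliver(client_frame(same_lan), same_lan))
```

Running accepted(False, mac_source_rule(CLIENT_MAC)) reproduces the asker's failure, while the same packet passes an IP-based rule, which is the fallback suggested in the comments.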