Hi Matthijs, I read in same web if i want to block same mac the command to do it is:
iptables -A INPUT -m mac --mac-source XX:YY:ZZ:AA:BB:CC -j DROP It's Works to me And the commans to allow only same mac's are iptables -P INPUT DROP iptables -P OUTPUT ACCEPT iptables -A INPUT -m mac --mac-source XX:YY:ZZ:AA:BB:CC -j ACCEPT iptables -A INPUT -m mac --mac-source 11:22:33:44:55:66 -j ACCEPT But this don't work to me. Others mac's can access to router. You know the reason? There is other rule in the router that permit to others mac's access to router? Regards, JJ. Calvo -----Mensaje original----- De: [email protected] [mailto:[email protected]] En nombre de [email protected] Enviado el: miƩrcoles, 30 de abril de 2014 13:00 Para: [email protected] Asunto: Development Digest, Vol 61, Issue 5 Send Development mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit http://fonosfera.org/mailman/listinfo/development or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of Development digest..." Today's Topics: 1. Re: mac filter in fonera 2n (Matthijs Kooijman - Fon) 2. Re: RV: How change the port of ssh in the Fonera 2n (Matthijs Kooijman - Fon) 3. Re: RV: How change the port of ssh in the Fonera 2n (Nuno Martins) ---------------------------------------------------------------------- Message: 1 Date: Wed, 30 Apr 2014 11:31:30 +0200 From: Matthijs Kooijman - Fon <[email protected]> To: [email protected] Subject: Re: [fonosfera] mac filter in fonera 2n Message-ID: <[email protected]> Content-Type: text/plain; charset="iso-8859-1" Hey JJ, > I read in same web's of openwrt if I put the next commands in file > /etc/config/w?reles > > config 'wifi-iface' 'private' > ..... > opcion 'maclis' 'XX:YY:ZZ:AA:BB:CC' > opcion 'macfilter' 'allow' This macfilter option is normally implemented by the wifi-driver specific scripts, which then add the macfilter into the wifi driver. However, for the 2.0n driver, this is not implemented. I suspect the driver can do it, but documentation for the (closed source :-( ) driver is not readily available. Your best bet might be to block unwanted mac addresses through iptables rules. This would mean that unlisted addresses can associate, but then won't get an IP address and can't send any actual data. Regards, Matthijs Kooijman -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: <http://fonosfera.org/pipermail/development/attachments/20140430/74bb43c7/at tachment-0001.pgp> ------------------------------ Message: 2 Date: Wed, 30 Apr 2014 13:03:34 +0200 From: Matthijs Kooijman - Fon <[email protected]> To: [email protected] Subject: Re: [fonosfera] RV: How change the port of ssh in the Fonera 2n Message-ID: <[email protected]> Content-Type: text/plain; charset="iso-8859-1" Hey JJ, > But I can?t access ssh out of fonera with port 28200. The ssh <ip>/28200 its > for a moment waiting but least give the message ?Time out? I just tested this, and it turns out you have to forward to the WAN ip of the Fonera, not 127.0.0.1. I added a forwarding rule "TCP port 2222 to 192.168.1.184 port 22" and I can now connect to ssh on port 2222 on the WAN side of my Fonera. Apologies for the earlier wrong advice, I remembered wrong :-) > One Question. What the mining off IIRC? I don't think I understand the question... Regards, Matthijs Kooijman -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: <http://fonosfera.org/pipermail/development/attachments/20140430/a00246ea/at tachment-0001.pgp> ------------------------------ Message: 3 Date: Wed, 30 Apr 2014 12:34:01 +0100 From: Nuno Martins <[email protected]> To: [email protected] Subject: Re: [fonosfera] RV: How change the port of ssh in the Fonera 2n Message-ID: <caagcah2-nhhhl-pqrpftj45w_rcsaazmep1qp7kjqld-byp...@mail.gmail.com> Content-Type: text/plain; charset=UTF-8 On Wed, Apr 30, 2014 at 12:03 PM, Matthijs Kooijman - Fon <[email protected]> wrote: > Hey JJ, Hi JJ, > >> But I can?t access ssh out of fonera with port 28200. The ssh <ip>/28200 its >> for a moment waiting but least give the message ?Time out? > I just tested this, and it turns out you have to forward to the WAN ip > of the Fonera, not 127.0.0.1. I added a forwarding rule "TCP port 2222 > to 192.168.1.184 port 22" and I can now connect to ssh on port 2222 on > the WAN side of my Fonera. > > Apologies for the earlier wrong advice, I remembered wrong :-) > >> One Question. What the mining off IIRC? > I don't think I understand the question... The meaning of IIRC is If I remember correctly or If I recall correctly. > > Regards, > > Matthijs Kooijman > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > > iEYEARECAAYFAlNg2IYACgkQz0nQ5oovr7x0EACfaHU5yHupslFX7f0bH1lGy7YS > 1OUAn21B/s3MIJNk0ZUdmyvZFlmrFv8h > =vddS > -----END PGP SIGNATURE----- > > _______________________________________________ > Development mailing list > [email protected] > http://fonosfera.org/mailman/listinfo/development > Best regards, -- Nuno Martins ------------------------------ _______________________________________________ Development mailing list [email protected] http://fonosfera.org/mailman/listinfo/development End of Development Digest, Vol 61, Issue 5 ****************************************** _______________________________________________ Development mailing list [email protected] http://fonosfera.org/mailman/listinfo/development
