On 12-Feb-2002 Nick wrote:
> I got some nasty users behind a proxying / filtering server,
> proxy auth, ...
> sometimes they change their ip address to get out from the
> restrictions.
>
> What should I do to prevent this ? ( I use iptables )
Test the combination MAC/IP. Works with Ethernet, no idea about Token
Ring.
from the iptables man page:

    mac
        --mac-source [!] address
            Match source MAC address. It must be of the form
            XX:XX:XX:XX:XX:XX. Note that this only makes sense
            for packets entering the PREROUTING, FORWARD or
            INPUT chains for packets coming from an ethernet
            device.
snippet from my script:

    # validate source MAC address
    # outgoing packets from FW have to be handled by static arp entries !
    if [ $IP_MAC_elements -ne 0 ]; then    # there is a MAC-table
        $IPT -A INPUT   -i $LOCAL_IFACE -j validate_mac
        $IPT -A FORWARD -i $LOCAL_IFACE -j validate_mac
    fi
    [...]
    # ==========================================================
    # CHAIN validate_mac
    if [ $IP_MAC_elements -ne 0 ]; then    # there is a MAC-table
        i=0
        while [ $i -lt $IP_MAC_elements ]; do
            # known IP/MAC pair: leave the chain, packet goes on in INPUT/FORWARD
            $IPT -A validate_mac -s ${IP_MAC_IP[$i]} -m mac --mac-source ${IP_MAC_MAC[$i]} -j RETURN
            i=$((i+1))
        done
        # no valid combination found, so this is a new or faked one => LOGDROP
        $IPT -A validate_mac -j LOG --log-prefix "<DROP> [validate_mac]:"
        $IPT -A validate_mac -j DROP
    fi
--
Bye, Andreas Pretzsch email: [EMAIL PROTECTED]
PGP fingerprint = 5C 98 05 A1 15 0A E5 72 4D 49 CA 2A EC CA 14 07
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
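As an added illustration of the IP/MAC pairing described in the reply above (editor's example, not Andreas' script and not part of the original thread), the script below builds the same validate_mac chain from a small "IP MAC" table, validates each entry before using it, and also pins the static neighbour entries that the reply says the firewall's own outgoing packets need (here done with `ip neigh replace ... nud permanent`, a stand-in for the `arp -s` entries the reply refers to). Everything is a dry run: IPT and IP_CMD default to `echo`, so the commands are only printed and no root privileges are needed; set IPT=iptables and IP_CMD=ip to apply them. The table contents, the interface name eth0 and the `pair_allowed` helper are assumptions made for the example. Two caveats a practitioner should keep in mind: the mac match only sees the MAC of the last hop, so it works only for hosts on the directly attached Ethernet segment, and a MAC address can be changed as easily as an IP address on most NICs, so this raises the bar for a casual user but is not authentication.

```shell
#!/bin/sh
# Dry-run by default: IPT/IP_CMD print the commands instead of running them.
IPT="${IPT:-echo iptables}"
IP_CMD="${IP_CMD:-echo ip}"
LOCAL_IFACE="${LOCAL_IFACE:-eth0}"

# Constructed sample table (hypothetical addresses), one "IP MAC" pair per line.
# The last line is deliberately malformed to exercise the validation path.
IP_MAC_TABLE='192.168.1.10 00:11:22:33:44:55
192.168.1.11 00:11:22:33:44:66
192.168.1.12 AA:BB:CC:DD:EE:FF
192.168.1.13 not-a-mac'

# Return 0 if $1 is of the form XX:XX:XX:XX:XX:XX (hex), else 1.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Return 0 if $1 is a dotted-quad IPv4 address, else 1.
valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Emit the commands that create and fill validate_mac and hook it into INPUT
# and FORWARD for the LAN interface. A packet whose IP/MAC pair is in the
# table RETURNs to the calling chain; anything else is logged and dropped.
# For every valid pair a permanent neighbour entry is set as well, so replies
# from the firewall cannot be redirected by a forged ARP reply.
build_validate_mac() {
    $IPT -N validate_mac
    echo "$IP_MAC_TABLE" | while read -r ip mac; do
        [ -n "$ip" ] || continue
        if ! valid_ip "$ip" || ! valid_mac "$mac"; then
            echo "skipping malformed entry: '$ip $mac'" >&2
            continue
        fi
        $IPT -A validate_mac -s "$ip" -m mac --mac-source "$mac" -j RETURN
        $IP_CMD neigh replace "$ip" lladdr "$mac" dev "$LOCAL_IFACE" nud permanent
    done
    $IPT -A validate_mac -j LOG --log-prefix "<DROP> [validate_mac]:"
    $IPT -A validate_mac -j DROP
    $IPT -A INPUT   -i "$LOCAL_IFACE" -j validate_mac
    $IPT -A FORWARD -i "$LOCAL_IFACE" -j validate_mac
}

# Simulate the chain for one packet: return 0 if "$1 $2" (IP MAC) is a
# listed pair, 1 otherwise. MAC comparison is case-insensitive, as in iptables.
pair_allowed() {
    want=$(printf '%s %s\n' "$1" "$2" | tr 'a-f' 'A-F')
    echo "$IP_MAC_TABLE" | tr 'a-f' 'A-F' | grep -qx "$want"
}

build_validate_mac
```

Running it prints the rule set; a user who keeps his own NIC but moves to 192.168.1.10 produces the pair "192.168.1.10 00:11:22:33:44:66", which is not in the table, so his packets hit the LOG/DROP tail of the chain.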