Use iptables:

http://www.cyberciti.biz/tips/iptables-mac-address-filtering.html

GUI tools and scripts exist to help you with the configuration of ipchains.
See:

   - EasyFw <http://www.linux-kheops.com/pub/easyfw/> - Tcl/Tk - RPM
   available from web site.
   RPM installs command: /usr/local/bin/easyfw
   - Firestarter <http://firestarter.sourceforge.net/> - Configuration of
   firewall and real-time hit monitor for the Gnome desktop. Configures
   ipchains (kernel 2.2) and iptables (kernel 2.4)
   - Firewall Builder <http://www.fwbuilder.org/> - iptables, ipfilter and
   OpenBSD PF. (GTK--)

 Included with Red Hat 7.x is the Gnome GUI tool gnome-lokkit. (ipchains)

Tools for iptables configuration:

   - Webmin <http://www.webmin.com/webmin/> - Linux web admin tool
   - Shorewall <http://shorewall.sourceforge.net/>
   - NARC: Netfilter Automatic Rule Configurator <http://www.knowplace.org/netfilter/narc.html>


What is your distro?

Webmin might assist you the easiest?

But basically, an iptable is a text file.
iptables is a daemon that runs.
You can save the tables to text on the fly:

iptables-save >/root/tablesfiles

without saving them forever and edit them to look something like (change for
your ports and your MAC addresses) this very basic version:

# Generated by iptables-save v1.4.1.1 on Tue May  5 17:50:52 2009
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [373535:34202389]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m mac --mac-source 00:14:BF:7A:4D:2D -j ACCEPT
-A INPUT -m mac --mac-source 00:18:DE:A5:00:41 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s 204.13.248.71/32 -p tcp -m tcp --dport 2525 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 3306 -j DROP
-A INPUT -s 127.0.0.1/32 -p udp -m udp --dport 68 -j ACCEPT
-A INPUT -s 192.168.1.1/32 -p udp -m udp --dport 68 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j DROP
-A INPUT -s 127.0.0.1/32 -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -p udp -m udp --dport 631 -j DROP
-A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 631 -j DROP
-A INPUT -s 127.0.0.1/32 -p udp -m udp --dport 52421 -j DROP
-A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 52421 -j DROP
-A INPUT -s 192.168.2.0/24 -p tcp -m tcp -j DROP
-A INPUT -s 192.168.2.0/24 -p udp -m udp -j DROP
-A INPUT -p tcp -m tcp --dport 3306 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp -m udp --dport 68 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp -m udp --dport 123 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp -m udp --dport 631 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp -m udp --dport 52421 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Tue May  5 17:50:52 2009




# /sbin/iptables-restore </root/tablesfiles
# /etc/init.d/iptables save
# chkconfig iptables on


On Tue, May 5, 2009 at 5:30 PM, wayne <wayda...@cox.net> wrote:

> I have a situation where I will want to prevent individuals from
> connecting to my server based on their MAC id.  I've not selected
> ANYTHING yet... suggestions?    A nice GUI frontend would be cool. :-)
> (Kubuntu 8.04.2)
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



-- 
www.obnosis.com (503)754-4452
"Contradictions do not exist." A. Rand
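
Added example, not part of the original message: iptables walks a chain top to bottom and stops at the first rule with a terminal target that matches, so in the ruleset above every INPUT rule after `-A INPUT -j DROP` is never evaluated. This Python check flags such rules in `iptables-save` output; the function names are hypothetical and the sample is a shortened, constructed copy of the ruleset in the message.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}   # targets that end chain traversal
TARGET_OPTS = {"--reject-with"}           # options of the target, not packet matches

# Constructed sample: a shortened copy of the ruleset in the message above.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m mac --mac-source 00:14:BF:7A:4D:2D -j ACCEPT
-A INPUT -j DROP
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_rules(text):
    """Yield (line_no, chain, tokens) for every '-A' rule in iptables-save text."""
    for no, line in enumerate(text.splitlines(), 1):
        tok = shlex.split(line, comments=True)   # '#' comment lines yield no tokens
        if len(tok) >= 2 and tok[0] == "-A":
            yield no, tok[1], tok[2:]

def is_catch_all(tokens):
    """True when a rule has no match criteria and jumps to a terminal target."""
    if len(tokens) < 2 or tokens[0] != "-j" or tokens[1] not in TERMINAL:
        return False
    rest = tokens[2:]                            # only target options may remain
    return all(rest[i] in TARGET_OPTS for i in range(0, len(rest), 2))

def unreachable_rules(text):
    """Return [(line_no, chain, rule, catch_all_line)] for rules after a catch-all."""
    first_catch_all, findings = {}, []
    for no, chain, tokens in parse_rules(text):
        if chain in first_catch_all:
            findings.append((no, chain, " ".join(tokens), first_catch_all[chain]))
        elif is_catch_all(tokens):
            first_catch_all[chain] = no
    return findings

if __name__ == "__main__":
    for no, chain, rule, by in unreachable_rules(SAMPLE):
        print(f"line {no}: {chain} '{rule}' is never reached (catch-all on line {by})")
```

Running it against the full file written by `iptables-save` before `iptables-restore` shows which rules have no effect in their current position.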