Using MAC address in Firewall rules


This topic contains 7 replies, has 0 voices, and was last updated by  LingaringBell 9 years ago.

  • #41484

    I’m trying to use MAC addresses to restrict computers from accessing the internet. I create a rule in the Forward chain that applies to both routed and bridged packets. I set up a pretty generic rule that looks like:

    target     prot opt in     out     source               destination
    DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            MAC 00:18:F3:01:7A:D5

    I try to pass through the firewall with my test computer that has this MAC address and it passes fine, instead of getting dropped like it should. My only idea is that I have to be using DHCP services on the Zeroshell box for this to work, but that seems kind of silly. Any ideas? Thanks.
    -Bell

    #47639

    ppalias
    Member

    Try to use this and see if it works:

    iptables -A FORWARD -m mac --mac-source 00:18:F3:01:7A:D5 -j DROP

    #47640

    ppalias
    Member

    I tried it now both directly with IP tables and Web interface (don’t forget to save) and it worked fine. Version 1.0 beta 11

    #47641

    I just tried it using both methods and neither of them worked. I am running Version 1.0 beta 11. If I look under “Connection Tracking” in the Firewall menu, I do not see any MAC addresses listed. Would there be some reason that Zeroshell is not checking the MAC address of the connections being made?

    #47642

    imported_fulvio
    Participant

    Connection tracking works at layer 4. You cannot find MAC addresses because they are layer 2 addresses.
    Could you post a network diagram of your LAN? Is your client connected to Zeroshell on the same layer 2?

    Regards
    Fulvio

    #47643

    I’m not exactly sure what you are asking when you say “the same layer 2”. My LAN is pretty simple. The machine that I’m testing the MAC address rules with is connected like this:

    - Computer connected to a layer 2 switch.

    - That layer 2 switch is connected to a layer 3 core switch.

    - An Untangle Firewall box (it has two network interfaces set up in a bridged state); one interface is connected to the layer 3 switch, and the other is connected to the Zeroshell box.

    - The Zeroshell box is doing routing between its two network interfaces, one of which is connected to the Untangle Firewall, the other to the internet router.

    #47644

    imported_fulvio
    Participant

    At this point I have to say that the only place where you could apply a MAC address filter is the layer 3 router connected to the switch. Zeroshell is not able to see the MAC address of the client because the first router breaks the layer 2 where it is connected.

    Regards
    Fulvio
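
As an added illustration of Fulvio's point (example code written for this page, not from the thread and not Zeroshell's own code), here is a small Python model of the path the poster described. Each hop either forwards the Ethernet header untouched (a switch, or a transparent bridge like the Untangle box) or, for a router, strips it and writes a new one carrying the router's own egress MAC. The hop names, every MAC address except the client's, and the IP addresses are constructed for the example.

```python
"""Model of what happens to a frame's source MAC on the way from the client
to the Zeroshell box. Added example; hop names, non-client MAC addresses and
IP addresses are constructed, not taken from the thread."""
from __future__ import annotations

from dataclasses import dataclass, replace

CLIENT_MAC = "00:18:f3:01:7a:d5"  # the MAC in the poster's DROP rule


@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    ttl: int


@dataclass(frozen=True)
class Hop:
    name: str
    kind: str               # "l2": switch or transparent bridge; "l3": router
    egress_mac: str = ""    # router only: MAC of the interface toward the next hop
    next_hop_mac: str = ""  # router only: MAC it resolves (ARP) for the next hop


def forward(frame: Frame, hop: Hop) -> Frame:
    """Return the frame as it leaves `hop`.

    A switch or transparent bridge relays the Ethernet header unchanged.
    A router terminates the layer-2 segment: the original header is discarded
    and a new one is written with the router's egress MAC as source, so the
    client MAC does not survive the hop. The IP header carries through with
    the TTL decremented.
    """
    if hop.kind == "l2":
        return frame
    if hop.kind == "l3":
        return replace(frame, src_mac=hop.egress_mac,
                       dst_mac=hop.next_hop_mac, ttl=frame.ttl - 1)
    raise ValueError(f"unknown hop kind {hop.kind!r}")


def deliver(frame: Frame, path: list[Hop]) -> Frame:
    """Push the frame through every hop and return what the last device sees."""
    for hop in path:
        frame = forward(frame, hop)
    return frame


def mac_source_rule_matches(frame: Frame, mac: str) -> bool:
    """What `iptables -m mac --mac-source <mac>` compares: the source MAC of
    the Ethernet header on the frame as received by the filtering box."""
    return frame.src_mac.lower() == mac.lower()


# Constructed version of the poster's topology:
# client -> L2 access switch -> L3 core switch -> Untangle bridge -> Zeroshell
POSTER_PATH = [
    Hop("l2-access-switch", "l2"),
    Hop("l3-core-switch", "l3", egress_mac="00:aa:bb:00:00:01",
        next_hop_mac="00:aa:bb:00:00:02"),   # Zeroshell's inside interface
    Hop("untangle-bridge", "l2"),
]

# Same client, but hanging off a switch on Zeroshell's own layer-2 segment.
SAME_SEGMENT_PATH = [Hop("l2-access-switch", "l2")]

# Only src_mac matters for the --mac-source check; dst_mac is the client's
# default gateway in the first topology and would be Zeroshell's MAC in the second.
CLIENT_FRAME = Frame(src_mac=CLIENT_MAC, dst_mac="00:aa:bb:00:00:00",
                     src_ip="10.1.1.23", dst_ip="93.184.216.34", ttl=64)


def zeroshell_sees_client_mac(path: list[Hop]) -> bool:
    """Would the poster's FORWARD rule match on the Zeroshell box?"""
    return mac_source_rule_matches(deliver(CLIENT_FRAME, path), CLIENT_MAC)


def filter_point(path: list[Hop]) -> str:
    """Name of the first router on the path, the last device whose ingress still
    sees the client MAC, or "zeroshell" when no router sits in between."""
    for hop in path:
        if hop.kind == "l3":
            return hop.name
    return "zeroshell"


if __name__ == "__main__":
    for label, path in (("poster", POSTER_PATH), ("same-segment", SAME_SEGMENT_PATH)):
        arrived = deliver(CLIENT_FRAME, path)
        print(f"{label}: src_mac at Zeroshell={arrived.src_mac} "
              f"match={zeroshell_sees_client_mac(path)} filter at={filter_point(path)}")
```

Running it shows the frame arriving at Zeroshell with the core switch's egress MAC in the poster's topology (no match, so the DROP never fires) and with the client's MAC when no router is in between. The same check places the filter: `-m mac` only has something to match where the client is on the same layer-2 segment, which is why the core switch is the right place here. Note also that the iptables `mac` match is only valid in the PREROUTING, FORWARD and INPUT chains, since outbound packets have no received Ethernet header to inspect.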

    #47645

    Thanks Fulvio, for some reason I didn’t even think of that. I was looking at it so hard I forgot the obvious. Thanks everyone.
