[Firehol-support] MAC address filtering example needed
Brian Snipes
brian at hwnn.com
Wed Jun 1 03:15:38 BST 2005
Greets,
Can someone give me an example of using the 'mac' parameter to block all traffic in a router section? I have multiple workstations that have to be blocked from having any outbound access. Here is what I have tried, but it doesn't seem to block access:
---------------------------
coders="00:01:02:35:aa:80 \
00:01:02:35:ac:80 \
00:01:02:c8:4c:cc \
00:0a:e6:28:42:bf \
00:0a:e6:28:4a:8e \
00:0a:e6:28:58:e2 \
00:0a:e6:33:55:95 \
00:0a:e6:41:d1:b4 \
00:0a:e6:28:46:fe \
00:0c:29:6b:a6:70"
...
router lan2i inface lan outface ${ext_nat_if}
route all reject mac ${coders}
route bberry accept
route cups accept
route dict accept
route ftp accept
route http accept
route https accept
route icmp accept
route imap accept
route imaps accept
route irc accept
route jabber accept
route ldap accept
route ldaps accept
route msn accept
route nntp accept
route nntps accept
route ntp accept
route ping accept
route pop3 accept
route pop3s accept
route rdp accept
client ssh accept src x.x.x.x/32
-----------------------------
Any ideas?
Brian