[Firehol-support] MAC address filtering example needed

Costa Tsaousis costa at tsaousis.gr
Thu Jun 2 16:24:52 BST 2005 

Hi,

coders="00:01:02:35:aa:80 00:01:02:35:ac:80 ..."
# or
# coders="`cat /path/to/file/with/one/mac/per/line`"

router lan2i inface ${lan_if} outface ${ext_nat_if} mac not "${coders}"
 	route bberry	accept
 	route cups	accept
        ...

Now these mac addresses will not even enter the lan2i router.


Regards,

Costa


On Wed, June 1, 2005 5:15, Brian Snipes said:
> Greets,
> Can someone give me an example of using the 'mac' parameter to block all
> traffic in a router section.  I have multiple workstations that have to be
> blocked from having any outbound access.  Here is what I have tried but it
> doesn't seem to block access:
> ---------------------------
> coders="00:01:02:35:aa:80 \
> 	00:01:02:35:ac:80 \
> 	00:01:02:c8:4c:cc \
> 	00:0a:e6:28:42:bf \
> 	00:0a:e6:28:4a:8e \
> 	00:0a:e6:28:58:e2 \
> 	00:0a:e6:33:55:95 \
> 	00:0a:e6:41:d1:b4 \
> 	00:0a:e6:28:46:fe \
> 	00:0c:29:6b:a6:70"
> ...
> router lan2i inface lan outface ${ext_nat_if}
> 	route all	reject mac ${coders}
> 	route bberry	accept
> 	route cups	accept
> 	route dict	accept
> 	route ftp	accept
> 	route http	accept
> 	route https	accept
> 	route icmp	accept
> 	route imap	accept
> 	route imaps	accept
> 	route irc	accept
> 	route jabber	accept
> 	route ldap	accept
> 	route ldaps	accept
> 	route msn	accept
> 	route nntp	accept
> 	route nntps	accept
> 	route ntp	accept
> 	route ping	accept
> 	route pop3	accept
> 	route pop3s	accept
> 	route rdp	accept
> 	client ssh	accept src x.x.x.x/32
> -----------------------------
>
> Any ideas?
>
> Brian
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by Yahoo.
> Introducing Yahoo! Search Developer Network - Create apps using Yahoo!
> Search APIs Find out how you can build Yahoo! directly into your own
> Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005
> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/firehol-support
>

More information about the Firehol-support mailing list