[Firehol-support] MAC address filtering example needed

Brian Snipes Brian at hwnn.com
Thu Jun 2 16:53:51 BST 2005


Thanks! Can multiple parameters be appended to a router/interface section? An example:
router lan2i inface ${lan_if} outface ${ext_nat_if} mac not "${coders}" src not "${blocked_ip_address}"

Brian


>>> "Costa Tsaousis" <costa at tsaousis.gr> 6/2/2005 10:24 AM >>>
Hi,

coders="00:01:02:35:aa:80 00:01:02:35:ac:80 ..."
# or
# coders="`cat /path/to/file/with/one/mac/per/line`"

router lan2i inface ${lan_if} outface ${ext_nat_if} mac not "${coders}"
	route bberry	accept
	route cups	accept
	...

Now these mac addresses will not even enter the lan2i router.


Regards,

Costa


On Wed, June 1, 2005 5:15, Brian Snipes said:
> Greets,
> Can someone give me an example of using the 'mac' parameter to block all
> traffic in a router section.  I have multiple workstations that have to be
> blocked from having any outbound access.  Here is what I have tried but it
> doesn't seem to block access:
> ---------------------------
> coders="00:01:02:35:aa:80 \
> 	00:01:02:35:ac:80 \
> 	00:01:02:c8:4c:cc \
> 	00:0a:e6:28:42:bf \
> 	00:0a:e6:28:4a:8e \
> 	00:0a:e6:28:58:e2 \
> 	00:0a:e6:33:55:95 \
> 	00:0a:e6:41:d1:b4 \
> 	00:0a:e6:28:46:fe \
> 	00:0c:29:6b:a6:70"
> ...
> router lan2i inface lan outface ${ext_nat_if}
> 	route all	reject mac ${coders}
> 	route bberry	accept
> 	route cups	accept
> 	route dict	accept
> 	route ftp	accept
> 	route http	accept
> 	route https	accept
> 	route icmp	accept
> 	route imap	accept
> 	route imaps	accept
> 	route irc	accept
> 	route jabber	accept
> 	route ldap	accept
> 	route ldaps	accept
> 	route msn	accept
> 	route nntp	accept
> 	route nntps	accept
> 	route ntp	accept
> 	route ping	accept
> 	route pop3	accept
> 	route pop3s	accept
> 	route rdp	accept
> 	client ssh	accept src x.x.x.x/32
> -----------------------------
>
> Any ideas?
>
> Brian
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by Yahoo.
> Introducing Yahoo! Search Developer Network - Create apps using Yahoo!
> Search APIs Find out how you can build Yahoo! directly into your own
> Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005 
> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.sourceforge.net 
> https://lists.sourceforge.net/lists/listinfo/firehol-support 
>
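
Costa's commented-out alternative fills `coders` with `cat` from a file holding one MAC per line. As an added example (not code from the thread or from FireHOL), here is a shell helper that validates and normalises such a file before the list reaches `mac not`. The name `load_macs`, the file path, and the `#` comment syntax inside the file are assumptions.

```shell
# Added example: build the ${coders} list from a one-MAC-per-line file.
# load_macs and the file layout (# comments, blank lines) are hypothetical.
load_macs() {
    local file="$1" line mac out="" n=0
    [ -r "$file" ] || { echo "load_macs: cannot read $file" >&2; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line="${line%%#*}"                 # drop a trailing comment
        # strip whitespace and fold hex digits to lower case
        mac="$(printf '%s' "$line" | tr -d '[:space:]' | tr 'A-F' 'a-f')"
        [ -z "$mac" ] && continue
        if ! printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; then
            echo "load_macs: $file:$n: invalid MAC '$mac'" >&2
            return 1                       # one bad line rejects the whole list
        fi
        case " $out " in
            *" $mac "*) ;;                 # duplicate, already listed
            *) out="${out:+$out }$mac" ;;
        esac
    done < "$file"
    # An empty list would leave "mac not" with nothing to match: treat as error.
    [ -n "$out" ] || { echo "load_macs: $file: no MAC addresses" >&2; return 1; }
    printf '%s\n' "$out"
}

# Usage inside firehol.conf, which is itself a bash script
# (the path below is a placeholder):
#   coders="$(load_macs /path/to/file/with/one/mac/per/line)" || exit 1
#   router lan2i inface ${lan_if} outface ${ext_nat_if} mac not "${coders}"
```

The MAC match only sees the source address of frames arriving on the attached segment, so it applies to hosts directly on `${lan_if}`, not to hosts behind another router.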


