iptables a --mac-source

Petr Hvězda petr.hvezda na unistav.cz
Středa Únor 8 08:39:19 CET 2006 

|Petr Hvězda napsal(a):
|> takze mam textak, kam pisi mac adresy, ktere chci povolit a 
|pravidlo, 
|> ktere mi zaloguje adresu, ktera byla zakazana, vse ostatni DROP
|>  
|> for q in `cat /etc/firewall/mac.txt | grep -v ^# `; do
|>     iptables -A dhcp-me -m mac --mac-source "${q}" -j LOG 
|--log-prefix 
|> "${fw_prefix} [mac-blacklist]: " -m limit --limit 1/m
|>     iptables -A dhcp-me -m mac --mac-source "${q}" -j DROP done
|> 
|> iptables -A dhcp-me -j RETURN
|>  
|>  
|> mno a ted kde je tedy chyba ?? Takto to nefunguje a PC slapu vesele 
|> dal :(
|
|Nedela to nahodou presny opak, ze vyjmenovane MAC adresy 
|zaloguje a zahodi?
|

Bohuzel nedela... Koukal jsem se do systemoveho logu a nedela to nic, pritom
vypis z iptables mi dava toto:

Chain dhcp-me (1 references)
target     prot opt source               destination
LOG        all  --  0.0.0.0/0            0.0.0.0/0           MAC
00:80:1E:12:B6:71 limit: avg 1/min burst 5 LOG flags 0 level 4 prefix `
Netfilter [mac-blacklist]: '
DROP       all  --  0.0.0.0/0            0.0.0.0/0           MAC
00:80:1E:12:B6:71
LOG        all  --  0.0.0.0/0            0.0.0.0/0           MAC
00:04:75:AD:A9:CB limit: avg 1/min burst 5 LOG flags 0 level 4 prefix `
Netfilter [mac-blacklist]: '
DROP       all  --  0.0.0.0/0            0.0.0.0/0           MAC
00:04:75:AD:A9:CB
LOG        all  --  0.0.0.0/0            0.0.0.0/0           MAC
00:11:22:33:44:AB limit: avg 1/min burst 5 LOG flags 0 level 4 prefix `
Netfilter [mac-blacklist]: '
DROP       all  --  0.0.0.0/0            0.0.0.0/0           MAC
00:11:22:33:44:AB
LOG        all  --  0.0.0.0/0            0.0.0.0/0           MAC
00:02:44:5C:5C:24 limit: avg 1/min burst 5 LOG flags 0 level 4 prefix `
Netfilter [mac-blacklist]: '
DROP       all  --  0.0.0.0/0            0.0.0.0/0           MAC
00:02:44:5C:5C:24
LOG        all  --  0.0.0.0/0            0.0.0.0/0           MAC
00:11:09:6A:0F:32 limit: avg 1/min burst 5 LOG flags 0 level 4 prefix `
Netfilter [mac-blacklist]: '
DROP       all  --  0.0.0.0/0            0.0.0.0/0           MAC
00:11:09:6A:0F:32
LOG        all  --  0.0.0.0/0            0.0.0.0/0           MAC
00:02:44:5C:25:F8 limit: avg 1/min burst 5 LOG flags 0 level 4 prefix `
Netfilter [mac-blacklist]: '
DROP       all  --  0.0.0.0/0            0.0.0.0/0           MAC
00:02:44:5C:25:F8
LOG        all  --  0.0.0.0/0            0.0.0.0/0           MAC
00:C0:9F:39:03:84 limit: avg 1/min burst 5 LOG flags 0 level 4 prefix `
Netfilter [mac-blacklist]: '
DROP       all  --  0.0.0.0/0            0.0.0.0/0           MAC
00:C0:9F:39:03:84
LOG        all  --  0.0.0.0/0            0.0.0.0/0           MAC
00:11:43:B4:72:A9 limit: avg 1/min burst 5 LOG flags 0 level 4 prefix `
Netfilter [mac-blacklist]: '

Další informace o konferenci Linux