Page 1 of 1
allow by mac address
Posted: Mon Nov 02, 2009 6:09 am
by amsteen
Dear Sir's
If we block a pc from internet with web-proxy (with its IP)
is it possible to allow iternet for it by mac address (from firewall filter)
thanks
Eng. Amgad
Re: allow by mac address
Posted: Wed Nov 04, 2009 11:11 am
by amsteen
There no one know how to deliver internet by mac address
or it is not possible
Please try to help me
Re: allow by mac address
Posted: Wed Nov 04, 2009 8:58 pm
by chronos
I dont understand you question but basicly you can block or better allow certain clients by firewall rules identified either by IP address or MAC address. So there is a problem?
Re: allow by mac address
Posted: Thu Nov 05, 2009 5:38 pm
by cyph3r
Dear Sir's
If we block a pc from internet with web-proxy (with its IP)
is it possible to allow iternet for it by mac address (from firewall filter)
thanks
Eng. Amgad
ip firewall filter add chain=input src-mac-address=00:0C:29:32:E6:92 action=accept (Allow User )
ip firewall filter add chain=input src-mac-address=00:0C:29:32:E6:93 action=accept (Allow User )
ip firewall filter add chain=input src-mac-address=00:0C:29:32:E6:94 action=accept (Allow User )
ip firewall filter add chain=input src-address=192.168.139.0/24 action=drop (all users deny)
Try this in same sequence
Re: allow by mac address
Posted: Sat Nov 07, 2009 9:37 am
by amsteen
A great thanks to Mr. cyph3r
Yes it work
thanks again
Eng. Amgad
Re: allow by mac address
Posted: Sun Nov 08, 2009 4:44 pm
by cyph3r
A great thanks to Mr. cyph3r
Yes it work
thanks again
Eng. Amgad
Its ok Bro
Re: allow by mac address
Posted: Tue Dec 15, 2009 1:15 am
by zahiy
I want to add somthing else to his questions hoping somebody can help, accodring to cyph3r 's solution, how can I block all MACs and allow specific MACs without refering to ip address?
Re: allow by mac address
Posted: Tue Dec 15, 2009 1:20 am
by fewi
Qualify by something else, for example the interface traffic came in on.
ip firewall filter add chain=input src-mac-address=00:0C:29:32:E6:92 action=accept (Allow User )
ip firewall filter add chain=input src-mac-address=00:0C:29:32:E6:93 action=accept (Allow User )
ip firewall filter add chain=input src-mac-address=00:0C:29:32:E6:94 action=accept (Allow User )
ip firewall filter add chain=input src-address=192.168.139.0/24 action=drop (all users deny)
Turns into
ip firewall filter add chain=input src-mac-address=00:0C:29:32:E6:92 action=accept (Allow User )
ip firewall filter add chain=input src-mac-address=00:0C:29:32:E6:93 action=accept (Allow User )
ip firewall filter add chain=input src-mac-address=00:0C:29:32:E6:94 action=accept (Allow User )
ip firewall filter add chain=input in-interface=[name of customer interface] action=drop (all users deny)
Re: allow by mac address
Posted: Tue Dec 15, 2009 1:36 am
by zahiy
Thanks! I will tring it
Re: allow by mac address
Posted: Wed Dec 16, 2009 6:30 pm
by zahiy
Works fine.
Re: allow by mac address
Posted: Thu Dec 17, 2009 12:03 pm
by henrygrik
Hi,
It has been quite interesting. It was simply mind blowing, thanks for providing such a wonderful information.
Re: allow by mac address
Posted: Mon Jan 11, 2016 6:49 pm
by hansel84
Very useful post, but is there any way I can block a bunch of MAC Addresses in only one rule on the same way we can create IP-Address-List ? That will save a lot of CPU usage ...
Tnx in advance
Re: allow by mac address
Posted: Tue Feb 23, 2016 10:51 am
by gazdi
Hello
How can I create and use a MAC list as input for packet marking ? At prerouting /mangle I would like to use it.
Thanks in advance !