Hi

I want to setup a mac filter for my router in a way that it will block everything and only allowed mac-addresses get through. But only on my LAN-interface.

whiterussian 0.9 with the standard iptables ruleset

In which chain do I have to add the rules? LAN_ACCEPT?

iptables -P LAN_ACCEPT DROP
iptables -A LAN_ACCEPT -m mac -–mac-source aa:bb:cc:dd:ee:ff -j ACCEPT

and the rule
iptables -A LAN_ACCEPT -j ACCEPT
from /etc/init.d/S35firewall must be deleted. Right?

Looks good for me, but I dont want to be locked out so I better ask here first big_smile

What happens if i make a mistake and cannot ssh into the router? Will the firewall settings also be enabled in recoverymode?


Thanks!

(Last edited by tdomega on 20 Jul 2007, 20:44)