OpenWrt Forum Archive

Topic: Iptable block mac adress

The content of this topic has been archived on 7 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

hello, I will want to block a mac address by iptables but does not function I installed libipt_mac.so however

@OpenWrt:/usr/lib/iptables# iptables -I FORWARD -m mac --mac-source 00:50:FC:F5:18:5E -j DROP
iptables: No chain/target/match by that name


... sad  sad  sad  :cry:

You need to install the linux kernel module ipt_mac.o.

You can compile it into kernel (hint make menuconfig) or copy it from kmodes.tar.gz, which is created by openwrt compilation, if you have choosen linux mac matching to be build as kernel module.

If you load it as module, don't forget to insmod ipt_mac afterwards.
The module is located in /lib/modules/2.4.20.../netfilter.

It just needs to get loaded.

cat /proc/modules

insmod ipt_mac

@OpenWrt:/proc# cat modules
wl                    348968   1
et                     21968   1
diag                    2080   0 (unused)
@OpenWrt:/proc#


:cry:  :cry:  :cry:  :cry:  :cry:

You need the libipt_mac.so library in /usr/lib (download here for iptables 1.2.9 http://www.cidis.ws/proyectos/libipt_mac.so)
. Then write insmod ipt_mac command and finally your iptables will accept mac match. lol

The discussion might have continued from here.