iptables, allow access from certain MAC addresses

Solution 1

You can't do this because MAC addresses aren't available to you for connections that have traversed the internet.

To do what you want it would be much safer to setup a VPN and only allow connections via that to your critical infrastructure. If you can't do that then you could try setting up some sort of two factor authentication.

If you really are stuck with just iptables then you may get by with port knocking. There appears to be a fairly good tutorial on this in the Arch Linux wiki but heed the warning and don't use the example ports/sequence in your environment.

A combination of the above techniques would be even better.

Solution 2

Iptables has a mac module. You can use it like this:

/sbin/iptables -A INPUT -m mac --mac-source 00:0F:EA:91:04:08 -j DROP

nixCraft has an extensive guide on how to create filter rules based on mac addresses.

But this only works on the same network, as MAC addressing is link-layer specific and won't get forwarded when using routing. So, as long as the devices are on different networks that need routing, this won't work.
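The following is an added example, not part of either answer above: it applies the mac module to the question's port 5000, and pairs it with a check that a client is actually on-link, because `--mac-source` only ever sees the MAC of the last link-layer hop (for routed traffic, that is your router). The second MAC in the allow-list and the interface names in the comments are constructed placeholders; `ip route get` is the iproute2 command.

```bash
#!/usr/bin/env bash
# MAC allow-list for TCP/5000 plus an on-link pre-check.
# Without APPLY=1 the iptables commands are only printed for review.
set -eu

# Constructed allow-list: 00:0F:EA:91:04:08 is the address from the answer,
# 00:11:22:33:44:55 is a placeholder. A MAC is not a credential: it identifies
# the frame's last hop on your segment, not the end client.
ALLOWED_MACS="00:0F:EA:91:04:08 00:11:22:33:44:55"
PORT=5000

# Print a command, or execute it when APPLY=1 (needs root).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Classify one `ip route get <ip>` result line:
#   "onlink"  - directly connected route (no gateway), so --mac-source is meaningful
#   "routed"  - goes via a gateway, so the source MAC will be the router's
classify_route() {
    case "$1" in
        *" via "*) echo routed ;;
        *" dev "*) echo onlink ;;
        *)         echo unknown ;;
    esac
}

# $1 = client IP. Prints onlink/routed/unknown for the host this runs on.
check_client_onlink() {
    local out
    out=$(ip route get "$1" 2>/dev/null) || { echo unknown; return 0; }
    classify_route "$out"
}

# ACCEPT each allowed MAC for the port, then DROP everything else to it.
# Order matters: the DROP must come after the ACCEPTs in the INPUT chain.
mac_allow_rules() {
    local mac
    for mac in $ALLOWED_MACS; do
        run iptables -A INPUT -p tcp --dport "$PORT" -m mac --mac-source "$mac" -j ACCEPT
    done
    run iptables -A INPUT -p tcp --dport "$PORT" -j DROP
}
```

Run `check_client_onlink <client-ip>` first; if it prints `routed`, the rules will never match that client and you are back to the VPN or port-knocking options from Solution 1.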

Author: user788171

Updated on September 18, 2022

Comments

  • user788171
    user788171 over 1 year

    Presently, I limit which clients can access my server by using IP addresses via iptables, only approved IP addresses can connect.

    However, the problem with this is if a client is on a laptop and goes to a different location, they can no longer connect because the IP has changed.

    For a variety of reasons, iptables authentication is the only option I have.

    Is there a way to restrict access by device instead of ip address. For instance, only allow certain MAC address to connect to port 5000.

    Is it possible to do this via iptables? Note, the computers are not on the same network, they could be connecting from anywhere in the world.

  • user9517
    user9517 almost 11 years
    A MAC address over the internet?
  • user788171
    user788171 almost 11 years
    There's no way to do this then for devices on different networks, e.g. MAC address over the internet?
  • Izzy
    Izzy almost 11 years
    My fault, unintentionally skipped the last paragraph. Added explanation for that. It may be possible to get it working with a VPN, not sure about that, though.