
Can iptables filter link-layer packets?

Published: 2010-01-13 09:34:47  Source: 红联  Author: LINUX_COM
Comments

3 comments in total

  1. LINUX_COM posted on 2010-02-21 11:13:11:

    (This post was last edited by LINUX_COM on 2010-2-21 11:14)

    Rules:
    #! /bin/bash
    IPTABLE=/sbin/iptables
    $IPTABLE -F                                                    # flush existing rules
    # packets on ppp0 that the connection tracker classes as INVALID: log, then drop
    $IPTABLE -A INPUT -i ppp0 -m state --state INVALID -j LOG --log-prefix "恶意连接_日志"
    $IPTABLE -A INPUT -i ppp0 -m state --state INVALID -j DROP     # drop
    # packets belonging to an already established connection: log, then accept
    $IPTABLE -A INPUT -i ppp0 -m state --state ESTABLISHED -j LOG --log-prefix "正确连接_日志"
    $IPTABLE -A INPUT -i ppp0 -m state --state ESTABLISHED -j ACCEPT

    ----------------------------------------------------------------------

    Log:
    Feb 21 11:02:11 w-laptop kernel: [ 4958.479137] 正确连接_日志IN=ppp0 OUT= MAC= SRC=119.147.97.11 DST=116.27.127.222 LEN=1492 TOS=0x00 PREC=0x00 TTL=213 ID=1666 DF PROTO=TCP SPT=80 DPT=52191 WINDOW=6432 RES=0x00 ACK URGP=0

    -------------------------------------------------------------------------
    In the log written by this iptables rule, whose MAC address is the MAC field: this machine's or the remote computer's? And how do I get the log to actually record a MAC address?

  2. luciffer posted on 2010-02-10 14:13:01:

    No!
    iptables works at the network hook points PREROUTING, LOCAL_IN, POSTROUTING, FORWARD and LOCAL_OUT, five points in all. Since they are called network hooks, the packet has of course already reached the network layer by then.
    The link layer you are talking about is presumably not as simple as a MAC address. The so-called link layer refers to the combination of LLC, MAC and PHY, and leans more toward LLC. Packets of that kind generally cannot be captured at all, let alone by iptables; link-layer frames are handled by the NIC hardware. If you are interested, have a look at the two documents IEEE 802.2 and IEEE 802.3; once you have read them you will not be asking this question.

  3. elvisqin posted on 2010-02-02 22:53:59:

    Sometimes it is necessary to filter addresses using MAC addresses. A MAC address (acronym for media access control address) is a unique address assigned to almost all networking hardware such as Ethernet cards, routers etc. (see MAC address at Wikipedia for more information).

    Iptables comes with a MAC module. This matches packets traveling through the firewall based on their MAC (Ethernet hardware) address. It offers good protection against malicious users who spoof or change their IP address. Remember that MAC filtering only makes sense for packets coming from an Ethernet device and entering the chains:

    1. PREROUTING
    2. FORWARD
    3. INPUT

    iptables blocking with MAC address
    Drop all connections coming from MAC address 00:0F:EA:91:04:08 (add the command to your firewall script):
    [code]iptables -A INPUT -m mac --mac-source 00:0F:EA:91:04:08 -j DROP[/code]

    iptables allowing with MAC address
    Allow port 22 for MAC address 00:0F:EA:91:04:07:
    [code]iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source 00:0F:EA:91:04:07 -j ACCEPT[/code]

    Read the man page of iptables for more information.
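The question in comment 1 (whose MAC is in the LOG line, and why it is empty) and the `-m mac --mac-source` rules in comment 3 come down to the same detail: the kernel's LOG target writes the frame's raw link-layer header into the MAC= field as colon-separated hex bytes, so on Ethernet you get the destination MAC (this host's NIC), then the sender's MAC, then the EtherType; on ppp0 there is no Ethernet header, so the field is empty and the mac match has nothing to compare either. The script below is an added example, not code from this thread: it parses iptables LOG lines, decodes the MAC= field, and compares the source MAC with a constructed allowlist the way `--mac-source` would. The ppp0 line is the one quoted in comment 1; the eth0 line, the allowlist and the `LAN_IN:` prefix are constructed for the example.

```python
import re

# Constructed sample input. The first line is the ppp0 entry quoted in this
# thread (MAC= is empty because PPP carries no Ethernet header); the second is
# a constructed Ethernet entry in the same LOG-target format.
SAMPLE_LOGS = [
    "Feb 21 11:02:11 w-laptop kernel: [ 4958.479137] 正确连接_日志IN=ppp0 OUT= MAC= "
    "SRC=119.147.97.11 DST=116.27.127.222 LEN=1492 TOS=0x00 PREC=0x00 TTL=213 "
    "ID=1666 DF PROTO=TCP SPT=80 DPT=52191 WINDOW=6432 RES=0x00 ACK URGP=0",
    "Feb 21 11:05:42 w-laptop kernel: [ 5169.101010] LAN_IN: IN=eth0 OUT= "
    "MAC=00:1b:21:aa:bb:cc:00:0f:ea:91:04:08:08:00 SRC=192.168.1.50 DST=192.168.1.1 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=51234 DPT=22 "
    "WINDOW=29200 RES=0x00 SYN URGP=0",
]

# Constructed allowlist: the MAC that comment 3's ACCEPT rule permits on port 22.
ALLOWED_SOURCE_MACS = {"00:0f:ea:91:04:07"}

# key=value tokens the LOG target emits (keys are upper-case ASCII).
FIELD_RE = re.compile(r"([A-Z]+)=(\S*)")


def decode_mac_field(mac_field):
    """Split the LOG target's MAC= value into (dst_mac, src_mac, ethertype).

    The kernel writes the frame's link-layer header as colon-separated hex
    bytes. For Ethernet that is 14 bytes: destination MAC (6), source MAC (6)
    and EtherType (2), in that order. Returns None when the field is empty
    (no link-layer header, e.g. PPP) or is not an Ethernet header.
    """
    octets = mac_field.split(":") if mac_field else []
    if len(octets) != 14:
        return None
    dst = ":".join(octets[0:6])
    src = ":".join(octets[6:12])
    ethertype = "0x" + "".join(octets[12:14])
    return dst, src, ethertype


def parse_log_line(line):
    """Parse one iptables LOG line into a dict, or return None if it is not one.

    The kernel prints the --log-prefix string immediately before "IN=" with no
    separator (which is why the prefix in comment 1's log is glued to IN=), so
    the prefix is recovered as everything between the "] " timestamp and "IN=".
    """
    idx = line.find("IN=")
    if idx < 0:
        return None
    head, tail = line[:idx], line[idx:]
    prefix = head.rsplit("] ", 1)[-1].strip() if "] " in head else ""
    fields = dict(FIELD_RE.findall(tail))
    # Bare tokens such as DF, SYN, ACK are flags with no value.
    flags = [tok for tok in tail.split() if "=" not in tok]
    mac = decode_mac_field(fields.get("MAC", ""))
    return {
        "prefix": prefix,
        "in": fields.get("IN", ""),
        "src": fields.get("SRC", ""),
        "dst": fields.get("DST", ""),
        "proto": fields.get("PROTO", ""),
        "dpt": fields.get("DPT", ""),
        "flags": flags,
        "dst_mac": mac[0] if mac else None,
        "src_mac": mac[1] if mac else None,
        "ethertype": mac[2] if mac else None,
    }


def source_mac_verdict(record, allowed):
    """Mirror what `-m mac --mac-source` can see: on a frame with an Ethernet
    header compare the source MAC with the allowlist; on an interface with no
    link-layer header (ppp0) there is nothing to compare, so say so."""
    if record["src_mac"] is None:
        return "no-link-layer-header"
    return "allowed" if record["src_mac"].lower() in allowed else "unlisted"


def review(lines, allowed=ALLOWED_SOURCE_MACS):
    """Parse each line and attach a MAC verdict; non-LOG lines are skipped."""
    out = []
    for line in lines:
        rec = parse_log_line(line)
        if rec is not None:
            rec["verdict"] = source_mac_verdict(rec, allowed)
            out.append(rec)
    return out


if __name__ == "__main__":
    for rec in review(SAMPLE_LOGS):
        print(f'{rec["in"]:5} {rec["src"]:>15} -> {rec["dst"]:<15} '
              f'src_mac={rec["src_mac"]} verdict={rec["verdict"]}')
```

Run against a real kernel log with `review(open("/var/log/kern.log"))`; the verdict column makes it obvious that a MAC allowlist only constrains Ethernet interfaces, which is the practical answer to both posts: on ppp0 the LOG target has no MAC to record, and the mac match has no MAC to test.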