Use firewall-cmd to filter by MAC address?

639 views

In a previous version of Fedora I had iptables rules of the form:

-A INPUT -p tcp --destination-port 25 -m mac --mac-source  AA:BB:CC:DD:EE:FF -j ACCEPT

in order to accept email only from selected local systems.

Ive just installed Fedora 20, and Im trying to implement the same kind of thing using:

 firewall-cmd

but Ive been unable to figure out how to do this. Any thoughts?

posted Dec 21, 2013 by Sumit Pokharna

Looking for an answer? Promote on:

Similar Questions

0 votes

Where is the iptables firewall configuration file on Fedora 19?

It's no longer in /etc/sysconfig/iptables.

+1 vote

Firewall suggestions on hosted mail server?

I have a hosted VM with a provider, which I've set up mainly as a private mail server. It needs to be protected by some sort of firewall, but there are several to choose from, apart from just writing rules for iptables by hand. I don't think I'll be needing an extreme amount of rules.

Writing rules for iptables is not something I've done in many years, so I was wondering about using either ufw, shorewall or ferm. Has anyone got any experience with either of these? I'm looking for something that is easy to set up and maintain. A pointer to a good guide on any of these would also be much appreciated, especially one that centers on protecting a machine that doesn't serve as a firewall for an entire network, it only has the one interface.

Any suggestions?

+1 vote

Help with stateless firewall

I am working with a stateless firewall to help keep up with DoS and a state flood. I have a few doubts about my setup:

a.) When allowing web traffic, is it necessary to allow port range 1000:65535 ? i saw that due to this rule sending packets to those ports directly respond with a REJECT instead of a DROP which is preferred. Any
work around and still have a stateless setup?

b.) What is needed to safely have a default OUTPUT DROP, apparently as soon as i change it to that iam unable to access it via ssh, even if I add a rule like this: /sbin/iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT

#!/bin/bash

/sbin/iptables -F
/sbin/iptables -X

/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT ACCEPT

#ICMP IN
/sbin/iptables -A INPUT -p icmp -s 178.174.50.29/24 -j ACCEPT

#ICMP IN (TRACEROUTE)
/sbin/iptables -A INPUT -p icmp --icmp-type 0 -j ACCEPT
/sbin/iptables -A INPUT -p icmp --icmp-type 11 -j ACCEPT

#ICMP OUT
/sbin/iptables -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT

#DNS RESOLVERS
/sbin/iptables -A INPUT -s 63.15.64.91 -j ACCEPT
/sbin/iptables -A INPUT -s 63.15.64.92 -j ACCEPT

#SSH
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT

#WEB
/sbin/iptables -A INPUT -p tcp --dport 1000:65535 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT

0 votes

MAC address changes on every boot on fedora21 system?

I am running a fully patched Fedora 21 system. We are trying to give it a long term lease in the DHCP server, but the MAC address sent changes on every boot. The MAC address seen at the DHCP server is not actually valid.

The DHCP server is like Win2008 Server R2.

+2 votes

Can IPtable check for a valid IP address?

We suffer from DNS lookups with a response IP address which is not existing. Can Iptables check on this?

...

Use firewall-cmd to filter by MAC address?

Your comment on this post:

Your answer

Preview