Use firewall-cmd to filter by MAC address?

+1 vote
633 views

In a previous version of Fedora I had iptables rules of the form:

-A INPUT -p tcp --destination-port 25 -m mac --mac-source  AA:BB:CC:DD:EE:FF -j ACCEPT

in order to accept email only from selected local systems.

I've just installed Fedora 20, and I'm trying to implement the same kind of thing using:

 firewall-cmd

but I've been unable to figure out how to do this. Any thoughts?

posted Dec 21, 2013 by Sumit Pokharna
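One way to get the same effect under firewalld, as an added example that is not from the question's author or from the firewalld project: the direct interface (firewall-cmd --direct --add-rule) hands its trailing arguments to iptables unchanged, so the -m mac --mac-source match from the old rule can be reused. The helper names below (valid_mac, mac_rule, mac_ruleset) are hypothetical; the script only prints the commands it would run. Two caveats a defender should keep in mind: a MAC match only ever sees the last layer-2 hop, so it is meaningful only for hosts on the same segment, and a sender can set any MAC it likes, so this narrows exposure but is not authentication.

```shell
#!/bin/sh
# Added example (hypothetical helper, not firewalld's own tooling):
# build firewall-cmd invocations that let TCP/25 in only from listed
# source MACs, using firewalld's direct interface, which passes the
# arguments unchanged to iptables. Commands are printed, not executed.

# 0 if $1 is a colon-separated 48-bit MAC address, 1 otherwise.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the permanent direct rule for one MAC; port defaults to 25.
# Priority 0 in INPUT_direct, which iptables evaluates before the zone
# chains, so this ACCEPT is reached first for matching frames.
mac_rule() {
    mac=$1
    port=${2:-25}
    valid_mac "$mac" || { echo "invalid MAC address: $mac" >&2; return 1; }
    mac=$(printf '%s' "$mac" | tr 'abcdef' 'ABCDEF')
    printf 'firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport %s -m mac --mac-source %s -j ACCEPT\n' "$port" "$mac"
}

# Full command set for a whitespace-separated MAC list. The smtp service
# must not also be open in the zone, or the zone accepts every source
# and the MAC rules never decide anything; --reload activates the
# permanent configuration.
mac_ruleset() {
    for m in $1; do
        mac_rule "$m" 25 || return 1
    done
    echo 'firewall-cmd --permanent --query-service=smtp && firewall-cmd --permanent --remove-service=smtp'
    echo 'firewall-cmd --reload'
}
```

Usage on the mail host, after reading the generated lines: mac_ruleset 'AA:BB:CC:DD:EE:FF 11:22:33:44:55:66' | sh, as root. Sources that are not listed fall through to the zone's default handling for port 25, which is a reject as long as smtp is not an allowed zone service.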


Similar Questions
0 votes

It's no longer in /etc/sysconfig/iptables.

+1 vote

I have a hosted VM with a provider, which I've set up mainly as a private mail server. It needs to be protected by some sort of firewall, but there are several to choose from, apart from just writing rules for iptables by hand. I don't think I'll be needing an extreme amount of rules.

Writing rules for iptables is not something I've done in many years, so I was wondering about using either ufw, shorewall or ferm. Has anyone got any experience with either of these? I'm looking for something that is easy to set up and maintain. A pointer to a good guide on any of these would also be much appreciated, especially one that centers on protecting a machine that doesn't serve as a firewall for an entire network, it only has the one interface.

Any suggestions?

+1 vote

I am working with a stateless firewall to help keep up with DoS and a state flood. I have a few doubts about my setup:

a.) When allowing web traffic, is it necessary to allow port range 1000:65535 ? I saw that due to this rule sending packets to those ports directly respond with a REJECT instead of a DROP which is preferred. Any workaround and still have a stateless setup?

b.) What is needed to safely have a default OUTPUT DROP, apparently as soon as I change it to that I am unable to access it via ssh, even if I add a rule like this: /sbin/iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT

#!/bin/bash

/sbin/iptables -F
/sbin/iptables -X

/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT ACCEPT

#ICMP IN
/sbin/iptables -A INPUT -p icmp -s 178.174.50.29/24 -j ACCEPT

#ICMP IN (TRACEROUTE)
/sbin/iptables -A INPUT -p icmp --icmp-type 0 -j ACCEPT
/sbin/iptables -A INPUT -p icmp --icmp-type 11 -j ACCEPT

#ICMP OUT
/sbin/iptables -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT

#DNS RESOLVERS
/sbin/iptables -A INPUT -s 63.15.64.91 -j ACCEPT
/sbin/iptables -A INPUT -s 63.15.64.92 -j ACCEPT

#SSH
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT

#WEB
/sbin/iptables -A INPUT -p tcp --dport 1000:65535 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
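For the stateless-firewall question above, an added example that is not the poster's script: a small generator for a stateless iptables policy with OUTPUT DROP. It addresses both doubts. With OUTPUT DROP, ssh replies leave the host with source port 22, so an OUTPUT --dport 22 rule never matches them and an OUTPUT --sport 22 rule is what is needed. For web traffic the host initiates, replies come from remote port 80 or 443 to a local ephemeral port; accepting them with --sport plus ! --syn lets established replies in without opening 1000:65535 to any fresh SYN. The function names, the resolver addresses (documentation range, constructed) and the port lists are assumptions; ICMP is left out; the script prints commands and applies nothing.

```shell
#!/bin/sh
# Added example (hypothetical generator, not the poster's script): print a
# stateless iptables policy with OUTPUT DROP that still lets ssh replies
# out and web replies in. Nothing is applied; review, then run as root.
# Two points it shows:
#  1. a service this host OFFERS needs INPUT --dport and OUTPUT --sport,
#     because replies leave with SOURCE port 22, so an OUTPUT --dport 22
#     rule alone never matches them;
#  2. a service this host USES as a client needs OUTPUT --dport plus an
#     INPUT --sport rule limited to '! --syn', so replies to our
#     ephemeral ports get in without opening 1000:65535 to any packet
#     that happens to carry that source port as a fresh SYN.
IPT=/sbin/iptables

# Server side: port this host listens on.
serve_tcp() {
    printf '%s -A INPUT -p tcp --dport %s -j ACCEPT\n' "$IPT" "$1"
    printf '%s -A OUTPUT -p tcp --sport %s -j ACCEPT\n' "$IPT" "$1"
}

# Client side: remote port this host connects out to. --syn matches
# SYN set with ACK/RST/FIN clear, so '! --syn' admits a SYN-ACK or data
# reply but not a new connection attempt.
client_tcp() {
    printf '%s -A OUTPUT -p tcp --dport %s -j ACCEPT\n' "$IPT" "$1"
    printf '%s -A INPUT -p tcp --sport %s ! --syn -j ACCEPT\n' "$IPT" "$1"
}

# UDP has no flags to key on, so DNS replies are accepted only from the
# configured resolver addresses and only from source port 53.
resolver_udp() {
    printf '%s -A OUTPUT -p udp -d %s --dport 53 -j ACCEPT\n' "$IPT" "$1"
    printf '%s -A INPUT -p udp -s %s --sport 53 -j ACCEPT\n' "$IPT" "$1"
}

# $1: served TCP ports, $2: client TCP ports, $3: resolver IPs
# (each a whitespace-separated list). Loopback is allowed explicitly
# because a DROP policy on OUTPUT would otherwise break local services.
stateless_policy() {
    printf '%s -F\n%s -X\n' "$IPT" "$IPT"
    printf '%s -P INPUT DROP\n%s -P FORWARD DROP\n%s -P OUTPUT DROP\n' "$IPT" "$IPT" "$IPT"
    printf '%s -A INPUT -i lo -j ACCEPT\n%s -A OUTPUT -o lo -j ACCEPT\n' "$IPT" "$IPT"
    for p in $1; do serve_tcp "$p"; done
    for p in $2; do client_tcp "$p"; done
    for r in $3; do resolver_udp "$r"; done
}
```

Example invocation: stateless_policy '22 80' '80 443' '192.0.2.53 192.0.2.54' prints the flush, the three DROP policies, the loopback pair, and then one accept pair per served port, client port and resolver. Unsolicited packets to high ports now hit the INPUT DROP policy rather than an explicit accept, which is the behaviour the poster was after.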

0 votes

I am running a fully patched Fedora 21 system. We are trying to give it a long term lease in the DHCP server, but the MAC address sent changes on every boot. The MAC address seen at the DHCP server is not actually valid.

The DHCP server is like Win2008 Server R2.

+2 votes

We suffer from DNS lookups with a response IP address that does not exist. Can iptables check on this?

...