From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <maximbo@rambler.ru>
Date: Mon, 6 Mar 2006 03:22:44 +0300
From: Maxim Bodyansky <maximbo@rambler.ru>
To: ALT Linux Community <community@lists.altlinux.org>
Message-ID: <20060306002244.GD4748@ember.istranet.ru>
References: <440B52C5.6070308@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <440B52C5.6070308@gmail.com>
User-Agent: Mutt/1.4.2.1i
X-Auth-User: maximbo, whoson: maximbo@rambler.ru
Subject: Re: [Comm] iptables -m mac
X-BeenThere: community@lists.altlinux.org
X-Mailman-Version: 2.1.6
Precedence: list
Reply-To: ALT Linux Community <community@lists.altlinux.org>
List-Id: ALT Linux Community <community.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/listinfo/community>,
	<mailto:community-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/community>
List-Post: <mailto:community@lists.altlinux.org>
List-Help: <mailto:community-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/community>,
	<mailto:community-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Mar 2006 00:22:38 -0000
Archived-At: <http://lore.altlinux.org/community/20060306002244.GD4748@ember.istranet.ru/>
List-Archive: <http://lore.altlinux.org/community/>
List-Post: <mailto:mandrake-russian@linuxteam.iplabs.ru>

On Sun, Mar 05, 2006 at 11:06:13PM +0200 andriy wrote:
> Hi, community!
> 
> iptables позволяет блокировку всех MAC-адресов, кроме нескольких?
> Етим блокируем все кроме одной
> 
> iptables -A INPUT -m mac --mac-source \! 00:0D:00:B5:00:0C -j DROP
> 
> а как несколько?

Можно создать несколько разрешающих правил, и одно запрещающее.

--- start of script ---

IPT=/sbin/iptables
mac_list="
mac1
mac2
mac3
"

for mac in $mac_list; do
  $IPT -A INPUT -m mac --mac-source $mac -j ACCEPT
done
$IPT -P INPUT DROP

--- end of script ---

-- 
WBR,
Maxim Bodyansky

"You can't make a program without broken egos."