Iptables rules – Access by MAC and redirect

- T
- Tom Tom
  
  Contact options for registered users
posted
14 years ago

Mon, Jan 11, 2010 12:19 PM

Hello

I am new here and i want to say Hi to Everybody!

And I have a questions. I want to write Linux firewall iptables rules. I want to block internet access to all users and allow by MAC addresses. Oh and when someone isn=92t on access list to redirect him to web page with information.

I start writing rules:

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -F iptables -X iptables -t nat -X iptables -t nat -F iptables -P INPUT ACCEPT iptables -P FORWARD DROP

iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j MASQUERADE

iptables -A FORWARD -m mac --mac-source 00:1F:D0:0D:4A:5A -j ACCEPT iptables -A FORWARD -j ACCEPT -m state --state RELATED,ESTABLISHED

but I don=92t know how to redirect blocked users to web page information.

All the best TomTom

- D
- D. Stussy
  
  Contact options for registered users
Vote on answer
posted
14 years ago

Mon, Jan 11, 2010 9:00 PM

That's because one can't do that with iptables alone. The web server has to be able to determine what it will allow and not. MAC addresses typically aren't available, so you'll also need an external script run by the server.

- L
- Loki Harfagr
  
  Contact options for registered users
Vote on answer
posted
14 years ago

Tue, Jan 12, 2010 9:19 AM

Mon, 11 Jan 2010 13:00:22 -0800, D. Stussy did cat :

though there could be a quite intricate way to do it based on -j DNAT --to $VIRTDOMIP:$VIRTDOMPORT with masquerade and redir rules and have a virtual domain that'd only play the blockade info pages. But, I'd really recommend to avoid this stuff and do it in the application layer :-)