Iptables rules – Access by MAC and redirect


I am new here and I want to say Hi to Everybody!

And I have a question. I want to write Linux firewall iptables rules. I want to block internet access for all users and allow it by MAC address. Oh, and when someone isn't on the access list, to redirect him to a web page with information.

I started writing rules:

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -F
iptables -X
iptables -t nat -X
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P FORWARD DROP

iptables -t nat -A POSTROUTING -s -j MASQUERADE

iptables -A FORWARD -m mac --mac-source 00:1F:D0:0D:4A:5A -j ACCEPT
iptables -A FORWARD -j ACCEPT -m state --state RELATED,ESTABLISHED

but I don't know how to redirect blocked users to the web page with information.

All the best TomTom

Reply to
Tom Tom

That's because one can't do that with iptables alone. The web server has to be able to determine what it will allow and not. MAC addresses typically aren't available, so you'll also need an external script run by the server.

Reply to
D. Stussy

Mon, 11 Jan 2010 13:00:22 -0800, D. Stussy did cat :

though there could be a quite intricate way to do it based on -j DNAT --to $VIRTDOMIP:$VIRTDOMPORT with masquerade and redir rules and have a virtual domain that'd only play the blockade info pages. But, I'd really recommend to avoid this stuff and do it in the application layer :-)

Reply to
Loki Harfagr
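
The DNAT approach mentioned in the last reply, sketched as an added example that is not part of the thread: a generator that prints (without applying) a MAC allow-list ruleset in which HTTP from unlisted clients is rewritten to $VIRTDOMIP:$VIRTDOMPORT. The interface names, the address and port values, and the assumption that the information page server sits on a separate segment reached through this router are all constructed for illustration.

```shell
#!/bin/sh
# Added example: prints an iptables ruleset, it does not load it.
# All values below are constructed placeholders, not taken from the thread.
LAN_IF="eth1"            # assumed LAN-facing interface
WAN_IF="eth0"            # assumed Internet-facing interface
VIRTDOMIP="192.0.2.10"   # assumed host serving the "blocked" information page
VIRTDOMPORT="8080"       # assumed port of that page

# Return 0 only for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_rules MAC... : write the ruleset to stdout; fail on a malformed MAC
# before emitting anything, so a typo never yields a partial ruleset.
gen_rules() {
    for mac in "$@"; do
        valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    done
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT"
    for mac in "$@"; do
        # Listed clients leave nat PREROUTING before the DNAT rule below
        # and are allowed through FORWARD.
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -m mac --mac-source $mac -j ACCEPT"
        echo "iptables -A FORWARD -i $LAN_IF -m mac --mac-source $mac -j ACCEPT"
    done
    # Everyone else: plain HTTP is rewritten to the information page server,
    # and only that rewritten traffic is forwarded.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j DNAT --to-destination $VIRTDOMIP:$VIRTDOMPORT"
    echo "iptables -A FORWARD -i $LAN_IF -p tcp -d $VIRTDOMIP --dport $VIRTDOMPORT -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE"
}

# When run with MAC addresses as arguments, print the rules for review.
if [ "$#" -gt 0 ]; then
    gen_rules "$@"
fi
```

Only plain HTTP on port 80 is rewritten; other traffic from unlisted clients, HTTPS included, is dropped by the FORWARD policy. A MAC address is set by the client, so the list is a convenience filter and not authentication.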
