Hey all, I was wondering what would be the best way to MAC filter connections for my current setup.
What I've got is FC10 running NAT and I want to MAC filter all TCP connections. About 5 or so connections will be allowed full access and the rest will be blocked or redirected (based on their MAC address. I know about MAC spoofing, and I've got rules set up in my iptables script to check MACs against their designated IP addresses, so I'm not as concerned with that security for the moment.)
my current scripts look something like:
MAC1="xx:xx:xx:xx:xx:xx"
MAC2="yy:yy:yy:yy:yy:yy"
MAC3="zz:zz:zz:zz:zz:zz"
iptables -A PREROUTING -t nat -p tcp -i eth0 -m mac --mac-source ! $MAC1 --mac-source ! $MAC2 --mac-source ! $MAC3 -j DROP
DROP may also be substituted by DNAT --to-dest xxx.xxx.xxx.xxx:yyyy or something along those lines.
The problem that I'm having, however, is that instead of allowing MAC1, MAC2, and MAC3 through, iptables seems to be dropping everything. So, I guess, is there a way to filter all connections and only allow a certain few MACs through? Thank you.
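One way to get the "allow these few MACs, drop or redirect the rest" behaviour, as an added example rather than the poster's own script: one rule per allowed MAC that RETURNs from a user chain, then a catch-all rule, since a single `-m mac` match cannot express "not MAC1 and not MAC2 and not MAC3". The interface name, the MAC addresses and the DNAT target are placeholders.

```shell
#!/bin/sh
# Added example, not the original poster's script. Whitelists a few MAC
# addresses on the LAN-facing interface and drops (or DNATs) everything else.
# Assumptions: LAN interface eth0; the MACs and the DNAT host are placeholders.
# Run with IPT="echo iptables" to print the rules without loading them.
IPT="${IPT:-iptables}"
LAN_IF="${LAN_IF:-eth0}"
# Constructed placeholder MACs, space separated.
ALLOWED_MACS="${ALLOWED_MACS:-00:11:22:33:44:55 00:11:22:33:44:66 00:11:22:33:44:77}"

# mac_whitelist TABLE CHAIN TARGET [TARGET-OPTIONS...]
# Creates (or flushes) a user chain MAC_CHECK in TABLE, adds one RETURN rule
# per allowed MAC, then a catch-all rule jumping to TARGET, and hooks the chain
# into CHAIN for TCP arriving on LAN_IF. Each MAC needs its own rule because
# one -m mac match holds a single --mac-source.
mac_whitelist() {
    table=$1; chain=$2; shift 2
    $IPT -t "$table" -N MAC_CHECK 2>/dev/null || $IPT -t "$table" -F MAC_CHECK
    for mac in $ALLOWED_MACS; do
        $IPT -t "$table" -A MAC_CHECK -m mac --mac-source "$mac" -j RETURN
    done
    $IPT -t "$table" -A MAC_CHECK -j "$@"
    $IPT -t "$table" -I "$chain" -i "$LAN_IF" -p tcp -j MAC_CHECK
}

# Choice A: block unknown MACs. Blocking belongs in the filter table; the nat
# table only sees the first packet of each connection.
# mac_whitelist filter FORWARD DROP
# Choice B: send unknown MACs to a redirect host instead (placeholder address).
# mac_whitelist nat PREROUTING DNAT --to-destination 192.0.2.10:8080
```

Uncomment one of the two calls (or both, if redirected traffic should also be dropped) and run as root; with `IPT="echo iptables"` the script only prints the rules it would load.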