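Question: how can iptables allow only the given IP and MAC addresses to access the Internet?
Originally posted by "kunlunsnow":
1. Machines that access the external network go through the FORWARD chain; set the FORWARD chain rules as follows:
iptables -P FORWARD DROP (sets the FORWARD chain policy to DROP)
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT (allows packets whose state is ESTABLISHED and..........
I gave it a try and ran into a problem when using MAC checking; could you please take a look?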
- [root@test2 root]# /sbin/modprobe ipt_mac
- [root@test2 root]# /sbin/modprobe ipt_state
- [root@test2 root]# iptables -A FORWARD -o eth1 -s 192.168.10.18 -m -mac --mac-source 00:10:DC:6B:C6:31 -j ACCEPT
- iptables v1.2.8: Couldn't load match `-mac':/lib/iptables/libipt_-mac.so: cannot open shared object file: No such file or directory
- [root@test2 root]# ls /lib/iptables/
- libip6t_eui64.so libip6t_multiport.so libipt_ecn.so libipt_mark.so libipt_rpc.so libipt_TOS.so
- libip6t_hl.so libip6t_owner.so libipt_ECN.so libipt_MARK.so libipt_SAME.so libipt_ttl.so
- libip6t_HL.so libip6t_standard.so libipt_esp.so libipt_MASQUERADE.so libipt_SNAT.so libipt_TTL.so
- libip6t_icmpv6.so libip6t_tcp.so libipt_helper.so libipt_MIRROR.so libipt_standard.so libipt_udp.so
- libip6t_length.so libip6t_udp.so libipt_icmp.so libipt_multiport.so libipt_state.so libipt_ULOG.so
- libip6t_limit.so libipt_ah.so libipt_iplimit.so libipt_owner.so libipt_TARPIT.so libipt_unclean.so
- libip6t_LOG.so libipt_conntrack.so libipt_length.so libipt_physdev.so libipt_tcpmss.so
- libip6t_mac.so libipt_DNAT.so libipt_limit.so libipt_pkttype.so libipt_TCPMSS.so
- libip6t_mark.so libipt_dscp.so libipt_LOG.so libipt_REDIRECT.so libipt_tcp.so
- libip6t_MARK.so libipt_DSCP.so libipt_mac.so libipt_REJECT.so libipt_tos.so
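An added example, not part of the original thread: the match extension in the listing above is `libipt_mac.so`, so its name on the command line is `mac` (`-m mac`). The script below only prints the FORWARD rule set for an IP+MAC allowlist after validating every entry; the function names, the `OUT_IF` variable and the second allowlist entry are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print (never execute) FORWARD rules for an IP+MAC allowlist.
# Function names, OUT_IF and the second allowlist entry are constructed.

valid_ip() (
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || exit 1
    IFS=.
    for octet in $1; do                 # split on dots, range-check each octet
        [ "$octet" -le 255 ] || exit 1
    done
)

valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Reads "IP MAC" pairs on stdin and prints the rule set on stdout.
# Any malformed entry aborts with status 1 and no output, so a typo or a
# stray shell metacharacter never reaches a generated command line.
gen_forward_rules() (
    out_if=${OUT_IF:-eth1}
    rules='' n=0
    while read -r ip mac extra || [ -n "$ip" ]; do
        n=$((n + 1))
        case $ip in ''|'#'*) continue ;; esac      # blank line or comment
        if [ -n "$extra" ] || ! valid_ip "$ip" || ! valid_mac "$mac"; then
            echo "line $n: rejected entry: $ip $mac $extra" >&2
            exit 1
        fi
        # The match is named "mac" (libipt_mac.so), hence "-m mac".
        rules="${rules}iptables -A FORWARD -o $out_if -s $ip -m mac --mac-source $mac -j ACCEPT
"
    done
    echo 'iptables -P FORWARD DROP'
    echo 'iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
    printf '%s' "$rules"
)

gen_forward_rules <<'EOF'
# IP            MAC
192.168.10.18   00:10:DC:6B:C6:31
192.168.10.19   00:10:DC:6B:C6:32
EOF
```

The `mac` match compares the source Ethernet address of the frame as it arrives, so it only identifies hosts on a segment directly attached to the firewall.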