IPTables. Blocking by MAC address

In this article, I will show examples of blocking MAC addresses in IPTables.

Suppose you need to block incoming connections to the server from a specific MAC address. Here is an example rule:

iptables -A INPUT -m mac --mac-source 04:18:d6:52:1d:71 -m comment --comment "Example_ixnfo_com" -j DROP

If the server acts as a gateway (for example, it does NAT for other hosts), you can also forbid forwarding packets that come from a specific MAC address:

iptables -A FORWARD -m mac --mac-source 04:18:d6:52:1d:71 -m comment --comment "Example_ixnfo_com" -j DROP

To remove a rule, repeat the same command with -A replaced by -D, for example:

iptables -D FORWARD -m mac --mac-source 04:18:d6:52:1d:71 -m comment --comment "Example_ixnfo_com" -j DROP

The same match can be used to allow rather than block. Here are two examples that allow SSH access only for a specific MAC address (the second one additionally restricts the rule to the eth0 interface):

/sbin/iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source 04:18:d6:52:1d:71 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 22 -m mac --mac-source 04:18:d6:52:1d:71 -j ACCEPT
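The commands above are one-off rules. As an added example (not part of the original article), the following POSIX shell helpers wrap the same rules so that they can be re-applied safely: the MAC address is validated before it reaches iptables, -C is used to check for an existing identical rule so that re-running the script does not stack duplicates, and removal loops until every copy is gone (a single -D removes only one matching rule). The chain names, MAC address and comment are the article's own sample values; the function names, the DRY_RUN and IPT variables are assumptions made for this example. Keep in mind that the mac match is only valid in the PREROUTING, INPUT and FORWARD chains, and that the source MAC it sees is that of the last layer-2 hop, so for traffic arriving through a router it will match the router's MAC, not the original sender's.

```shell
#!/bin/sh
# Added example, not from the original article. Helpers for managing
# MAC-based iptables rules. With DRY_RUN=1 (the default, an assumption of
# this example) the iptables command is only printed; set DRY_RUN=0 and run
# as root to apply it. Comments must not contain spaces because the rule
# spec is word-split when passed to iptables.

IPT="${IPT:-iptables}"
DRY_RUN="${DRY_RUN:-1}"

# Return 0 if $1 looks like a colon-separated MAC address (aa:bb:cc:dd:ee:ff).
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the match and target part of a rule, identical to the article's form.
# Arguments: mac target comment
mac_rule_spec() {
    printf '%s\n' "-m mac --mac-source $1 -m comment --comment $3 -j $2"
}

# Make sure exactly one copy of the rule exists in chain $1 (idempotent add).
# Arguments: chain mac target comment
ensure_mac_rule() {
    chain=$1; mac=$2; target=$3; comment=$4
    valid_mac "$mac" || { echo "invalid MAC address: $mac" >&2; return 2; }
    spec=$(mac_rule_spec "$mac" "$target" "$comment")
    if [ "$DRY_RUN" = 1 ]; then
        echo "$IPT -A $chain $spec"
        return 0
    fi
    # -C returns 0 when an identical rule is already present; only then skip -A.
    # shellcheck disable=SC2086
    if ! $IPT -C "$chain" $spec 2>/dev/null; then
        $IPT -A "$chain" $spec
    fi
}

# Remove every copy of the rule from chain $1.
# Arguments: chain mac target comment
remove_mac_rule() {
    chain=$1; mac=$2; target=$3; comment=$4
    valid_mac "$mac" || { echo "invalid MAC address: $mac" >&2; return 2; }
    spec=$(mac_rule_spec "$mac" "$target" "$comment")
    if [ "$DRY_RUN" = 1 ]; then
        echo "$IPT -D $chain $spec"
        return 0
    fi
    # Each -D deletes one matching rule; loop until none is left.
    # shellcheck disable=SC2086
    while $IPT -D "$chain" $spec 2>/dev/null; do :; done
}

# Usage with the article's sample MAC address and comment.
ensure_mac_rule INPUT   04:18:d6:52:1d:71 DROP Example_ixnfo_com
ensure_mac_rule FORWARD 04:18:d6:52:1d:71 DROP Example_ixnfo_com
remove_mac_rule FORWARD 04:18:d6:52:1d:71 DROP Example_ixnfo_com
```

Run it once with the default DRY_RUN=1 to review the generated commands, then with DRY_RUN=0 to apply them; the -C check means the script can be run from a boot script or a configuration tool without accumulating duplicate rules.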

See also my article:
How to configure IPTables
