In this article, I will show examples of blocking MAC addresses in IPTables.
Let’s say you need to block incoming connections to the server for a specific MAC address, I’ll give an example of a rule:
iptables -A INPUT -m mac --mac-source 04:18:d6:52:1d:71 -m comment --comment "Example_ixnfo_com" -j DROP
If the server is used as an access server, for example, for NAT, etc., then you can prohibit the transmission of packets with a specific MAC address:
iptables -A FORWARD -m mac --mac-source 04:18:d6:52:1d:71 -m comment --comment "Example_ixnfo_com" -j DROP
To remove a rule, just replace -A with -D, for example:
iptables -D FORWARD -m mac --mac-source 04:18:d6:52:1d:71 -m comment --comment "Example_ixnfo_com" -j DROP
Similarly, you can not block, but allow access, I will give examples of how to allow SSH access for a specific MAC address:
/sbin/iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source 04:18:d6:52:1d:71 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 22 -m mac --mac-source 04:18:d6:52:1d:71 -j ACCEPT
See also my article:
How to configure IPTables