Koozali.org: home of the SME Server

MAC based internet access on sme7pre1

deznuts

« on: February 24, 2006, 07:36:04 AM »
I know there are at least 2 other topics dealing with this issue:

http://forums.contribs.org/index.php?topic=20795.msg82034#msg82034

and

http://forums.contribs.org/index.php?topic=21456.0

but they are both dated and don't mention sme7. They also have some discrepancies in the iptables command used to enable and disable the filter.

One topic suggests using:

Quote
/sbin/iptables -I PREROUTING -t nat -j DROP -m mac --mac-source 00:00:00:00:00:00 -p tcp --dport 80


and one topic suggests:

Code:
/sbin/iptables -t nat -A PREROUTING -m mac --mac-source 00:00:00:00:00:00 -p ALL -j DROP

The only mention of reversing these changes is:

"It will be possible to unblock it. Just use the -D option instead of the -I."

However I don't see the original -I in either command.

So I have 3 questions.

1: What is the command to filter all internet access from a certain MAC in sme7pre1?

2: Will this filter stick after a reboot?

3: What is the command to reverse this filter?

I also like the idea of a cron job enabling and disabling this filter at certain times of day.

gregswallow

« Reply #1 on: February 25, 2006, 09:34:53 AM »
I think -I is insert (at the start), -A is append (to the end) and -D is drop (remove), but iptables --help or man iptables will tell you for sure.  And no, the command won't stick after a reboot - you'd need to add a template fragment for that.

I hope you're not trying to keep a kid off the internet with this.  It is pretty easy to get by :-P

(moving this topic to SME7 Contribs - this is not a feature of SME7)

Franco

« Reply #2 on: February 26, 2006, 04:59:31 AM »
Quote
I hope you're not trying to keep a kid off the internet with this. It is pretty easy to get by :-P

Greg,
Can you suggest a good way of blocking the internet and still allow LAN access? I use custom templates for squid acl blocking by IP.

Quote
(moving this topic to SME7 Contribs - this is not a feature of SME7)

But it would definitely be a nice feature   :-)

deznuts

« Reply #3 on: August 10, 2006, 08:07:29 AM »
Anything new on this?

I am looking for mac and/or time based restrictions on WAN traffic (not LAN).

I want to avoid having to use a proxy setting because it can easily be bypassed.

I would settle for dns whitelist functionality.

PS - I have updated to the latest 7.0 release using yum update and yum upgrade.
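
Added example (not part of any post in this thread): a dry-run shell helper that builds the block and unblock commands from one shared rule specification, because -D only removes a rule whose specification matches the one -I or -A added, and that prints the two crontab lines for a time-based toggle. The rule is the second command quoted in the first post; the function names, the sample MAC and the hours are constructed for illustration.

```shell
#!/bin/sh
IPTABLES=/sbin/iptables   # path as used in the thread
TABLE=nat                 # table and chain from the thread's commands; newer
CHAIN=PREROUTING          # iptables releases refuse DROP in nat, where the same
                          # specification goes in filter/FORWARD (assumption)

# Accept exactly six colon-separated hex octets; anything else is rejected
# before it can reach the iptables command line.
valid_mac() {
    h='[0-9A-Fa-f][0-9A-Fa-f]'
    case "$1" in
        $h:$h:$h:$h:$h:$h) return 0 ;;
        *) return 1 ;;
    esac
}

# The rule specification, written once and reused for add and delete.
rule_spec() {
    printf '%s' "-m mac --mac-source $1 -p ALL -j DROP"
}

# mac_rule block|unblock MAC: prints the full command (dry run).
# Set APPLY=1 to execute it instead (needs root).
mac_rule() {
    valid_mac "$2" || { echo "invalid MAC: $2" >&2; return 2; }
    case "$1" in
        block)   op=-I ;;   # insert at the top of the chain
        unblock) op=-D ;;   # delete the rule with the identical specification
        *) echo "usage: mac_rule block|unblock MAC" >&2; return 2 ;;
    esac
    cmd="$IPTABLES -t $TABLE $op $CHAIN $(rule_spec "$2")"
    if [ "${APPLY:-0}" = 1 ]; then $cmd; else printf '%s\n' "$cmd"; fi
}

# cron_lines MAC BLOCK_HOUR UNBLOCK_HOUR: two system-crontab lines (with the
# user field) that add the rule at one hour and remove it at another.
cron_lines() {
    case "$2$3" in ''|*[!0-9]*) echo "hours must be numeric" >&2; return 2 ;; esac
    b=$(APPLY=0 mac_rule block "$1") || return 2
    u=$(APPLY=0 mac_rule unblock "$1") || return 2
    printf '0 %s * * * root %s\n' "$2" "$b"
    printf '0 %s * * * root %s\n' "$3" "$u"
}

# Constructed sample MAC: show the matching pair of commands.
mac_rule block 00:11:22:33:44:55
mac_rule unblock 00:11:22:33:44:55
```

Running the block command twice adds two identical rules, and each -D removes only one of them, so a scheduled toggle should not add the rule again while it is still in place.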