Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: Rob Saw on April 07, 2003, 10:33:43 PM
-
First off, apologies if this has been covered before, I have searched and found nothing.
I have a simple home install of E-smith 5.6 acting as a file server, mail server and gateway for 3 client PCs. With exam time coming up soon, I would like to be able to allow one PC to only access the net at limited times.
My brother is a crafty type, so may well think to change his IP address, but the MAC address is something I doubt he will even consider.
Is there a way I can set up E-smith to block his access based on the MAC address of his PC. Could I then schedule a job to allow access at only the permitted times?
Many thanks in advance.
Rob
-
You should be able to block by MAC since you're using SME 5.6 which uses
IP Tables. Try this
iptables -I PREROUTING -t nat -j DROP --mac-source 00:90:26:CB:4E:56 -p tcp --dport 80
assuming 00:90:26:CB:4E:56 is your MAC address. It'll block out at least the surfing
part.
-
Thanks for that ;)
Sounds good, and a bit of reading around says that dport will accept a range of ports, so I can block pretty much every port.
Sorry again if this is easy, but I really can't work it out. tried running the command and was told that --mac source was not valid.
Looked into it a bit and it appears that mac source is an extension of iptables... just can't see how to add the extension
TIA
-
Rob, I have missed out the '-m mac' portion
/sbin/iptables -I PREROUTING -t nat -j DROP -m mac --mac-source 00:90:26:CB:4E:56 -p tcp --dport 80
-
D'oh! I even looked at pages which gave me the context!
Works Great.
Many thanks, and while my brother won't thank either you or I right now, Wait a few years till he is a doctor driving a Mercedes etc. etc.
Thanks Again!