Your iptables rule is almost ok, if I were you I'd do something like this:

iptables -t nat -A PREROUTING -m mac --mac-source 00:19:7E:C5:02:AB -j DROP

and
iptables -A INPUT -m mac --mac-source 00:19:7E:C5:02:AB -j DROP

That should do the job

Daevid Vincent writes:
> I have my WiFi network on a hostapd controlled 10.10.10.* range and my
> wired LAN on a 192.168.1.* range.
>
> I try to be a "nice guy" and leave the WiFi 'open' (no WEP) as it's
> segregated and I use some proper shorewall rules to route things nicely
> for my various privileged devices. Also, some WiFi devices I have just
> don't support WEP, and it's a real hassle to get others working with
> WEP.
>
> I don't mind the occasional person jumping on to check movie times or
> traffic or get email or whatever. I think bandwidth should be free for
> everyone and it is sure a life saver when you need to quickly get online
> for something.
>
> Anyways, sometimes I have stupid neighbors who don't quite "get it" and
> will just blindly let their computers connect to my WAP. UGH! They sit
> on it for hours and days and generally piss me off.
>
> How can I boot someone off my network? I usually add them to my
> shorewall blacklist file, and then:
>
> /etc/init.d/dhcp restart
> /etc/init.d/shorewall restart
>
> But I still see them on there it seems.
> http://daevid.com/examples/dhcp
> (essentially it's doing an 'arp -n' and then I parse that info and make
> it pretty)
>
> daevid dhcp # arp -n
> Address        HWtype  HWaddress          Flags Mask  Iface
> 10.10.10.7     ether   00:06:25:12:4A:D8  C           wlan0
> 10.10.10.27    ether   00:19:7E:C5:02:AB  C           wlan0
> 67.168.160.1   ether   00:01:5C:23:D7:02  C           eth0
> 10.10.10.69    ether   00:02:6F:21:DF:5C  C           wlan0
> 192.168.1.18   ether   00:0C:F1:A8:F7:F3  C           eth1
>
> I googled and found this little nugget that I thought would work:
> http://www.linuxforums.org/forum/linux-newbie/5752-dhcpd-iptables-deny-mac-addresses.html
>
> # iptables -A FORWARD -m mac --mac-source 00:19:7E:C5:02:AB -j DROP
>
> But I still see this squatter. And I can feel my network being sluggish
> as they're probably downloading a lot of stuff.
>
--
gentoo-user@g.o mailing list
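
As an added example (not from either poster): the script below parses `arp -n` output like the listing quoted above, picks out the MACs on one interface that are not on an allowlist, and prints the `iptables` commands that drop them in INPUT and FORWARD. It uses `-I CHAIN 1` rather than `-A` so the DROP is evaluated before rules already in the chain; the function names, the allowlist contents and the choice to print the commands instead of running them are assumptions.

```shell
#!/bin/sh
# Constructed sample in the layout `arp -n` prints (values taken from the thread).
SAMPLE_ARP='Address        HWtype  HWaddress          Flags Mask  Iface
10.10.10.7     ether   00:06:25:12:4A:D8  C           wlan0
10.10.10.27    ether   00:19:7E:C5:02:AB  C           wlan0
67.168.160.1   ether   00:01:5C:23:D7:02  C           eth0
10.10.10.69    ether   00:02:6F:21:DF:5C  C           wlan0
192.168.1.18   ether   00:0C:F1:A8:F7:F3  C           eth1'

# unknown_macs IFACE "ALLOWED_MAC ..." (hypothetical helper)
# Reads `arp -n` text on stdin and prints each MAC seen on IFACE that is not
# in the space-separated allowlist, one per line, upper-cased, without repeats.
unknown_macs() {
    awk -v iface="$1" -v allow="$2" '
        BEGIN { n = split(toupper(allow), a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Header and "(incomplete)" entries have no "ether" in column 2.
        $2 == "ether" && $NF == iface {
            mac = toupper($3)
            # Accept only six two-digit hex groups; skip anything malformed.
            if (split(mac, p, ":") != 6) next
            for (i = 1; i <= 6; i++) if (p[i] !~ /^[0-9A-F][0-9A-F]$/) next
            if (!(mac in ok) && !(mac in seen)) { seen[mac] = 1; print mac }
        }'
}

# block_rules (hypothetical helper)
# Reads MACs on stdin and prints, without executing, one insert-at-top DROP
# rule per chain: INPUT for traffic to the gateway, FORWARD for routed traffic.
block_rules() {
    while read -r mac; do
        [ -n "$mac" ] || continue
        for chain in INPUT FORWARD; do
            printf 'iptables -I %s 1 -m mac --mac-source %s -j DROP\n' "$chain" "$mac"
        done
    done
}

# Assumed allowlist: the two other wlan0 devices from the sample listing.
ALLOWED="00:06:25:12:4A:D8 00:02:6F:21:DF:5C"
printf '%s\n' "$SAMPLE_ARP" | unknown_macs wlan0 "$ALLOWED" | block_rules
```

A blocked station can still show up in `arp -n`, because iptables filters IP packets and does not touch ARP resolution.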