I use MAC address filtering on my Linux router. Here is what I have done:
iptables -A INPUT -i eth5 -m mac --mac-source 00:07:e9:84:2b:99 -j RETURN #User: Someuser
iptables -A INPUT -i eth5 -j DROP
But the Iptables rule list is huge with more than 400 entries. Recently I read about the advantages of using Ipset with Iptables here. But nowhere have I found any howtos about doing the same thing with MAC filtering. So how can I use Ipset for MAC filtering in order to reduce the size of the Iptables rule table?
Best Answer
Basically something like this, but you have to associate an IP with a MAC; pure MAC sets do not seem to exist:
Here, you see the content of the map and the reference-counter indicating an iptables rule referencing this set:
There are some things to consider:
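The approach in the answer, as an added example that is not part of the original answer: it turns an IP/MAC inventory into `ipset restore` input for a `bitmap:ip,mac` set and prints the two iptables rules that replace the per-MAC list. The set name `macfilter`, the range 192.168.5.0/24, the inventory entries and the helper function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer). Set name, address range and
# inventory entries are constructed; the last two entries are invalid on purpose.
INVENTORY='192.168.5.10 00:07:E9:84:2B:99 someuser
192.168.5.11 00:07:e9:84:2b:9a otheruser
192.168.5.12 00:07:e9:84:2b short-mac
192.168.5.999 00:07:e9:84:2b:9b bad-octet'

# valid_mac MAC: six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# valid_ipv4 IP: dotted quad with every octet in 0..255.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s' "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_ipset_restore SET RANGE < inventory ("IP MAC user" per line)
# Writes "ipset restore" input to stdout; rejected lines go to stderr.
gen_ipset_restore() {
    printf 'create %s bitmap:ip,mac range %s\n' "$1" "$2"
    while read -r ip mac user; do
        [ -n "$ip" ] || continue
        if valid_ipv4 "$ip" && valid_mac "$mac"; then
            printf 'add %s %s,%s\n' "$1" "$ip" "$mac"
        else
            printf 'skipped (%s): %s %s\n' "${user:-unknown}" "$ip" "$mac" >&2
        fi
    done
    return 0
}

# gen_rules IFACE SET: the two iptables rules that replace the per-MAC list.
gen_rules() {
    printf 'iptables -A INPUT -i %s -m set --match-set %s src,src -j RETURN\n' "$1" "$2"
    printf 'iptables -A INPUT -i %s -j DROP\n' "$1"
}

# Print both pieces. To load the set on the router (as root):
#   gen_ipset_restore macfilter 192.168.5.0/24 < inventory.txt | ipset restore
printf '%s\n' "$INVENTORY" | gen_ipset_restore macfilter 192.168.5.0/24
gen_rules eth5 macfilter
```

Rejected inventory lines are reported on stderr, so a malformed entry shows up as a client missing from the set rather than as a failed `ipset restore`.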