Linux – MAC address filtering in Linux

firewalllinuxmac address

I'm a new system administrator of an existing Linux network. Apparently there is MAC address filtering there. How could I allow a specific MAC to connect to the network?

The INPUT, FORWARD and OUTPUT chains of iptables are empty.

Best Answer

There is a program on Linux called ebtables that allows filtering, logging, forwarding and other stuff based on MAC addresses (Layer 2), as opposed to iptables working with IP addresses (Layer 3). ebtables works similarly to iptables, might be worth it to try ebtables -L or so.

Alternatively your Linux system might have multiple interfaces junctioned in a bridge, but I'm not sure what sort of MAC filtering you can do with brctl.

Related Solutions

Cisco IOS router MAC or IP address filtering

You might want to see Filters Using MAC-Based ACLs.

Can you provide details about the hardware / software you're running?

Update:

So based on the information you supplied I believe this is the correct answer. From the linked document above:

AP# configure terminal
AP<config># access-list 700 deny 0040.96a5.b5d4 0000.0000.0000

!--- This ACL denies all traffic to and from 
!--- the client with MAC address 0040.96a5.b5d4.

AP<config># interface Dot11Radio0.1


!--- Or whatever the radio interface is

AP<config># dot11 association mac-list 700

Linux – How to Join Two Named Pipes into a Single Input Stream

Personally, my favorite (requires bash and other things that are standard on most Linux distributions)

The details can depend a lot on what the two things output and how you want to merge them ...

Contents of command1 and command2 after each other in the output:

cat <(command1) <(command2) > outputfile

Or if both commands output alternate versions of the same data that you want to see side-by side (I've used this with snmpwalk; numbers on one side and MIB names on the other):

paste <(command1) <(command2) > outputfile

Or if you want to compare the output of two similar commands (say a find on two different directories)

diff <(command1) <(command2) > outputfile

Or if they're ordered outputs of some sort, merge them:

sort -m <(command1) <(command2) > outputfile

Or run both commands at once (could scramble things a bit, though):

cat <(command1 & command2) > outputfile

The <() operator sets up a named pipe (or /dev/fd) for each command, piping the output of that command into the named pipe (or /dev/fd filehandle reference) and passes the name on the commandline. There's an equivalent with >(). You could do: command0 | tee >(command1) >(command2) >(command3) | command4 to simultaneously send the output of one command to 4 other commands, for instance.

Best Answer

Related Solutions

Cisco IOS router MAC or IP address filtering

Linux – How to Join Two Named Pipes into a Single Input Stream

Related Topic