On Tue, 01 Mar 2005 18:56:48 -0500, Madhusudan Singh staggered into the
Black Sun and said:
> I am using iptables for my firewall on this server which is meant to
> act as a Samba file server for a bunch of Windows XP machines. I wish
> to limit ssh and Samba access to this machine based on the MAC address
> of machines. The problem is that all these machines get their IP
> address via DHCP from some other server, so I cannot use their current
> IP addresses to write the rule.
>
> Is the above possible? If so, how?
"man iptables" suggests:
    --mac-source [!] address
        Match source MAC address. It must be of the form
        XX:XX:XX:XX:XX:XX. Note that this only makes sense for packets
        coming from an Ethernet device and entering the PREROUTING,
        FORWARD or INPUT chains
...combine a bunch of those with the destination-ports you wish to allow
and -j ACCEPT, you're in business. Hope the MACs don't change. HTH,
--
Matt G|There is no Darkness in Eternity/But only Light too dim for us to see
Brainbench MVP for Linux Admin / mail: TRAP + SPAN don't belong
http://www.brainbench.com / Hire me!
-----------------------------/
http://crow202.dyndns.org/~mhgraham/resume
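
The approach suggested in the reply above, as an added example that is not part of the original post: a shell function that prints one --mac-source ACCEPT rule per allowed MAC for SSH and Samba, followed by DROP rules for every other source. The MAC addresses are constructed placeholders, the port lists are assumed defaults, and the function names are hypothetical; the script prints the commands and applies nothing.

```shell
#!/bin/sh
# Added example: prints iptables commands for review, applies nothing.
# Constructed sample MACs (locally administered range), not from the post.
ALLOWED_MACS="02:00:00:00:00:01 02:00:00:00:00:02"
# Assumed default ports: SSH 22/tcp, Samba 139,445/tcp and 137,138/udp.
TCP_PORTS="22,139,445"
UDP_PORTS="137,138"

# Succeeds only for the XX:XX:XX:XX:XX:XX form that --mac-source requires.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print ACCEPT rules per valid MAC, then DROP rules for all other sources.
# Returns 1 and prints no rules if no MAC is valid, so a typo in the list
# cannot produce a DROP-only rule set that locks out SSH.
gen_rules() {
    valid=""
    for mac in $1; do
        if valid_mac "$mac"; then
            valid="$valid $mac"
        else
            echo "skipping malformed MAC: $mac" >&2
        fi
    done
    if [ -z "$valid" ]; then
        echo "no valid MAC given, refusing to emit DROP-only rules" >&2
        return 1
    fi
    for mac in $valid; do
        echo "iptables -A INPUT -p tcp -m mac --mac-source $mac -m multiport --dports $TCP_PORTS -j ACCEPT"
        echo "iptables -A INPUT -p udp -m mac --mac-source $mac -m multiport --dports $UDP_PORTS -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp -m multiport --dports $TCP_PORTS -j DROP"
    echo "iptables -A INPUT -p udp -m multiport --dports $UDP_PORTS -j DROP"
}

gen_rules "$ALLOWED_MACS"
```

A source MAC is chosen by the sender and is only visible on the local Ethernet segment, so these rules narrow which hosts can reach the ports but do not authenticate them; SSH keys and Samba credentials still have to do that.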