The script below is what I have. It does not block other computers that are not in this firewall Check_Mac list. Where is the mistake?
Thanks!!!
tuxhats
#!/bin/sh
IPT="/sbin/iptables"
# Change to your server ip like this LAN="10.229.2.0/24" , leave the "0/24" alone
LAN="10.229.1.0/24"
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT
$IPT -t mangle -P PREROUTING ACCEPT
$IPT -t mangle -P INPUT ACCEPT
$IPT -t mangle -P FORWARD ACCEPT
$IPT -t mangle -P OUTPUT ACCEPT
$IPT -t mangle -P POSTROUTING ACCEPT
$IPT -t raw -P PREROUTING ACCEPT
$IPT -t raw -P OUTPUT ACCEPT
$IPT -F
$IPT -F -t nat
$IPT -F -t mangle
$IPT -F -t raw
$IPT -X
$IPT -X -t nat
$IPT -X -t mangle
$IPT -X -t raw
$IPT -N CHECK_MAC
#$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -i eth0 -p TCP -m multiport --dports 21,22,80,443 -s $LAN \
--syn -m limit --limit 10/m -m state --state NEW -j CHECK_MAC
$IPT -A INPUT -j LOG --log-prefix "INPUT DROP: "
# server's mac example PUT THE SERVER'S MAC BELOW !!!
# $IPT -A CHECK_MAC -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
# input your's below
# my laptop's 2 macs
# $IPT -A CHECK_MAC -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
# wireless ath0 card
# $IPT -A CHECK_MAC -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
# hard wired eth0 card
# put your's below
# practice IBM compter info
$IPT -A CHECK_MAC -m mac --mac-source 00:11:25:f8:XX:XX -j ACCEPT
# classroom computers... do this FOR EACH classroom computer, sample below
# $IPT -A CHECK_MAC -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
# put your's below for EACH classroom computer!
# No.1 Computer hard wired eth0 card
$IPT -A CHECK_MAC -m mac --mac-source 00:23:ae:6b:XX:XX -j ACCEPT
# 2
$IPT -A CHECK_MAC -m mac --mac-source 00:23:ae:70:XX:XX -j ACCEPT
# yada, yada
# finish iptables
$IPT -A CHECK_MAC -j LOG --log-prefix "CHECK_MAC DROP: "
$IPT -A CHECK_MAC -j DROP
exit 0