Mac Address filter in IPtables


I have an application on port 2001 and I want to allow some users with specific MAC addresses to connect to this port.
So I used these commands:

sudo iptables -A INPUT -p tcp --destination-port 2001 -j DROP

sudo iptables -A INPUT -p tcp --destination-port 2001 -m mac --mac-source [My PC mac] -j ACCEPT

service iptables save

It blocks everyone, but it doesn't work for me either (the MAC address isn't allowed through).
What's the problem?

Tags: centos, iptables, firewall

asked Nov 28 at 19:14 by Sina Maafi

edited Nov 28 at 19:34 by Stephen Harris

2 Answers

iptables rules are “first match” based. So your first rule drops everything and the second rule is never reached.

If you change the order (“accept” first, then “drop” second) it’ll do what you expect.

answered Nov 28 at 19:35 by Stephen Harris

Your IPtables rules are in conflict. IPtables works on a first-match basis. Using the -A option puts a rule at the end of the list, so your ACCEPT rule is at the end.

Thus, if you entered your rules in the order you described, a packet that matches that description (a TCP connection to port 2001) will be dropped, and iptables will not concern itself with any of the following rules. That is of course if these are your only rules too!

I understand that this link is pretty old; however, it provides excellent information on how IPtables priority of rules works.

So you will want to clear out that rule. First you need to identify the rule, then delete it.

sudo iptables -L --line-numbers
sudo iptables -D INPUT [The Number of the Drop Rule]

Next you can re-add the rule like you did before using the -A option. Now your IPtables should work as expected.

answered Nov 28 at 19:41 by kemotep
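Both answers come down to the same point: iptables walks a chain top to bottom and stops at the first matching rule, so every ACCEPT for a permitted MAC must sit above the catch-all DROP. The script below is an added example, not code from the question or from either answer. Its `build_ruleset` function emits the rules in the correct order as an iptables-restore fragment (loading the chain from one file sidesteps the append-order mistake entirely), and `check_order` audits an existing `iptables -S INPUT` listing for the shadowing bug, so you can verify a host's live ruleset instead of reasoning about it. The port is the one from the question; the function names, the MAC addresses and the sample listings are constructed for this example. Two caveats worth knowing before relying on a rule like this: `-m mac` only sees the source MAC of the frame as it arrived on the local link, so it can only distinguish hosts on the same segment (traffic routed in from elsewhere carries the router's MAC), and a host can set its own MAC freely, so this is a convenience filter rather than authentication and belongs alongside an authenticated protocol on the service itself.

```shell
#!/bin/sh
# Added example (not from the question or either answer): emit a correctly
# ordered INPUT ruleset for the port from the question, and audit a live
# `iptables -S INPUT` listing for the first-match ordering bug the answers
# describe (a catch-all DROP that shadows a later mac-source ACCEPT).

PORT=2001   # port from the question

# Print an iptables-restore fragment: one ACCEPT per permitted MAC first,
# then the catch-all DROP, so first-match evaluation lets those MACs through.
# Usage: build_ruleset MAC [MAC...]   (MACs are caller-supplied)
build_ruleset() {
    printf '%s\n' '*filter'
    for mac in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $PORT -m mac --mac-source $mac -j ACCEPT"
    done
    printf '%s\n' "-A INPUT -p tcp --dport $PORT -j DROP"
    printf '%s\n' 'COMMIT'
}

# Audit an `iptables -S INPUT` listing read from stdin.
# Exit status: 0 = every mac-source ACCEPT for $PORT precedes the port's DROP,
#              1 = at least one ACCEPT is listed after the DROP (shadowed),
#              2 = no catch-all DROP for the port exists at all.
check_order() {
    awk -v port="$PORT" '
        # catch-all DROP for the port: remember the first line it appears on
        index($0, "--dport " port " ") && /-j DROP/ && !/--mac-source/ {
            if (!drop) drop = NR
        }
        # a mac-source ACCEPT for the port that comes after that DROP is dead code
        index($0, "--dport " port " ") && /--mac-source/ && /-j ACCEPT/ {
            if (drop) shadowed++
        }
        END {
            if (!drop) exit 2
            exit (shadowed ? 1 : 0)
        }
    '
}

# Stand-alone use: ./mac-allow.sh MAC... prints the ordered ruleset for review
if [ "$#" -gt 0 ]; then
    build_ruleset "$@"
fi
```

To apply the generated fragment on the host, pipe it into `iptables-restore` as root (for example `build_ruleset 00:11:22:33:44:55 | sudo iptables-restore -n`, where `-n` merges into the existing tables instead of flushing them); to audit, run `sudo iptables -S INPUT | check_order` and act on the exit status. If you only want to fix an already-loaded chain in place, `iptables -I INPUT 1 ...` inserts the ACCEPT at the top rather than appending it.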
