Posted: Wed Apr 02, 2014 5:22 Post subject: iptable MAC Filtering
So, recently got into dd-wrt.
I want to set a rule, so I can only connect at wl0.1 from a specific MAC.
So I ran those commands at a Command Prompt:
Code:
$ telnet 192.168.1.1
$ insmode xt_mac #k2.6
$ iptable -I FORWARD -i wl0.1 -m mac --mac-source CE.LL.PH.ON.EX.XX -j DROP
(didn't work, so:)
$ iptable -F
$ iptable -I INPUT -i wl0.1 -m mac --mac-source CE.LL.PH.ON.EX.XX -j DROP
I also tried with -A over the -I option. None of those prevented me from connecting to the internet with my cellphone, that has that MAC address. Am I doing something wrong here?
And do I have to reset the router or something for those rules to take effect?
Thanks in advance.
Last edited by tkgcmt on Thu Apr 03, 2014 3:00; edited 1 time in total
Posted: Wed Apr 02, 2014 12:53 Post subject: Re: iptable MAC Filtering
tkgcmt wrote:
So, recently got into dd-wrt.
I want to set a rule, so I can only connect at wl0.1 from a specific MAC.
So I ran those commands at a Command Prompt:
$ telnet 192.168.1.1
$ insmode xt_mac #k2.6
$ iptable -I FORWARD -i wl0.1 -m mac --mac-source CE.LL.PH.ON.EX.XX -j DROP
(didn't work, so:)
$ iptable -F
$ iptable -I INPUT -i wl0.1 -m mac --mac-source CE.LL.PH.ON.EX.XX -j DROP
I also tried with -A over the -I option. None of those prevented me from connecting to the internet with my cellphone, that has that MAC address. Am I doing something wrong here?
And do I have to reset the router or something for those rules to take effect?
Thanks in advance.
just use the mac filtering in the gui and select "allow" for the mac(s) you enter in the list. Any other mac not in the allowed list will be denied.
I use mac filtering via gui and it works.
or.. it could be the known bug in the build you are running with your specific hardware.
Posted: Thu Apr 03, 2014 2:28 Post subject: Re: iptable MAC Filtering
barryware wrote:
just use the mac filtering in the gui and select "allow" for the mac(s) you enter in the list. Any other mac not in the allowed list will be denied.
That won't work for me, because it will create the rules for all interfaces.
The thing is, I wanna do this only for my Virtual Interface (My second SSID, that has no security set). Don't know if anyone here ever heard of it, but I'm trying to do a HomePass, for my 3DS.
The catch: without screwing with my main network, because my father works at home, dependent on the wifi.
I want to know if the commands I put are correct, at least :/
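
Added example, not part of the thread or of dd-wrt: a shell helper that prints an allow-only rule set for one interface, which is the goal stated in the first post (only listed MACs may use wl0.1, everything else arriving there is dropped). It assumes the interface is routed on its own rather than being a bridge member, that the mac match module is loaded, and that MACs are written as colon-separated hex; the function names and the sample MAC are hypothetical.

```shell
#!/bin/sh
# Added example: prints (does not run) iptables commands that allow only the
# listed MAC addresses on one interface and drop everything else arriving there.
# Assumption: the interface is not a bridge member, so "-i IFACE" matches,
# and the mac match module is already loaded.

# Return 0 if $1 is six colon-separated hex octets, e.g. 02:00:00:AA:BB:01.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Usage: mac_allowlist_rules IFACE MAC [MAC...]
# Every MAC is validated before anything is printed, so a typo cannot leave
# a half-built rule set behind.
mac_allowlist_rules() {
    [ "$#" -ge 2 ] || { echo "usage: mac_allowlist_rules IFACE MAC..." >&2; return 2; }
    iface=$1
    shift
    for mac in "$@"; do
        valid_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    done
    # INPUT covers traffic addressed to the router itself, FORWARD covers
    # traffic routed through it to other networks.
    for chain in INPUT FORWARD; do
        # -I puts a rule at the top of the chain, so the catch-all DROP goes in
        # first and each ACCEPT inserted afterwards ends up above it.
        echo "iptables -I $chain -i $iface -j DROP"
        for mac in "$@"; do
            echo "iptables -I $chain -i $iface -m mac --mac-source $mac -j ACCEPT"
        done
    done
}

# Constructed sample input: a locally administered placeholder MAC.
mac_allowlist_rules wl0.1 02:00:00:AA:BB:01
```

Review the printed commands before running them on the router, and list the resulting chains with `iptables -L INPUT -v -n` and `iptables -L FORWARD -v -n` to confirm the ACCEPT rules sit above the DROP.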