How can I only allow certain MAC/IPs to access the network

[alexandervj]

I have a centos server and a few windows clients. I want to write a rule to block all mac addresses/ips, except for the ones I choose. How can I do this? Thanks

[gerald_clark]

Take their network cables away or block them at the switch/router.
This is not a CentOS issue.

[alexandervj]

This absolutely is a CentOS issue.

Anyone else - how can I change my iptables file to block all mac/ip addresses and only allow the ones I choose?

[gerald_clark]

If your CentOS machine is the internet gateway you can block machines from reaching the intenret, but you cannot block them from the local network.

[alexandervj]

The network is a private network. The CentOS server is a file server. There is no internet access on this network. And yes, you can block MAC addresses and IPs from accessing the server

[TrevorH]

`man iptables` and search for mac-source

[vonskippy]

Bypassing MAC ADDR or IP blocks is trivially easy, that's why you have USERNAMES and STRONG PASSWORDS.

[alexandervj]

I know, its for internal use only, not intended to be a once for all security method. This is to restrict a group of 5 engineers that aren't that computer savvy from plugging any other non approved pcs into the secure network and gaining anykind of access. I have network and user passwords in place, but want to include MAC address filtering as well.

[hi_vkkadam]

First allow your MAC address then deny all others to input to your server

/sbin/iptables -A INPUT -i ethx -p tcp -s 192.168.x.x/x -d x.x.x.x -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT

/sbin/iptables -A INPUT -i ethx -p tcp -s 192.168.x.x/x -d x.x.x.x -m mac --mac-source XX:XX:XX:XX:XX:YY -j DROP

[alexandervj]

Thank you for a helpful reply, finally