https://community.hpe.com/t5/operating-system-linux/setting-iptables/m-p/3096589#M87568 <BR />I am not to sure of what you need, so correct me if i am on the wrong track.<BR /><BR />No not user you can identify the "node" from where a packet is from or going to by its mac address, this is very low in your network stack (4 level model), iptables deal with such a low level, so it knows about things like mac address(XX:XX:XX:XX:XX:XX),ip(XXX.XXX.XXX.XXX), it now about protocol like (tcp,udp..etc), but it does not know about thing at levels like user name.<BR /><BR />If what you are after is how to construct an iptable rule to deal with a mac address then the following should do it. <BR /><BR /><BR />iptables -A FORWARD -m mac --mac-source XX:XX:XX:XX:XX -j ACCEPT<BR />iptables -A FORWARD -m mac --mac-source XX:XX:XY:XY:XY -j DROP<BR /><BR />Let us know if this is what you need.<BR /><BR />J-P Sat, 18 Oct 2003 04:26:16 GMT Huc_1 2003-10-18T04:26:16Z https://community.hpe.com/t5/operating-system-linux/setting-iptables/m-p/3096588#M87567 hello all members<BR />hope u r fine<BR /><BR />i want to configure my iptables to authenticate users by their MAC is that possible or is there any other way to authenticate users in LAN. <BR /><BR />plz advice Sat, 18 Oct 2003 03:34:18 GMT https://community.hpe.com/t5/operating-system-linux/setting-iptables/m-p/3096588#M87567 Muhammad Imran Hussain 2003-10-18T03:34:18Z https://community.hpe.com/t5/operating-system-linux/setting-iptables/m-p/3096589#M87568 <BR />I am not to sure of what you need, so correct me if i am on the wrong track.<BR /><BR />No not user you can identify the "node" from where a packet is from or going to by its mac address, this is very low in your network stack (4 level model), iptables deal with such a low level, so it knows about things like mac address(XX:XX:XX:XX:XX:XX),ip(XXX.XXX.XXX.XXX), it now about protocol like (tcp,udp..etc), but it does not know about thing at levels like user name.<BR /><BR />If what you are after is how to construct an iptable rule to deal with a mac address then the following should do it. <BR /><BR /><BR />iptables -A FORWARD -m mac --mac-source XX:XX:XX:XX:XX -j ACCEPT<BR />iptables -A FORWARD -m mac --mac-source XX:XX:XY:XY:XY -j DROP<BR /><BR />Let us know if this is what you need.<BR /><BR />J-P Sat, 18 Oct 2003 04:26:16 GMT https://community.hpe.com/t5/operating-system-linux/setting-iptables/m-p/3096589#M87568 Huc_1 2003-10-18T04:26:16Z https://community.hpe.com/t5/operating-system-linux/setting-iptables/m-p/3096590#M87569 hello<BR /><BR />yes u r right,<BR />&amp; also plz guide how to allow or disallow known application &amp; ports like allowing msn, yahoo,http &amp; disallowing kazaa, imesh.<BR /><BR />Thank u for understanding<BR /> Sat, 18 Oct 2003 05:03:34 GMT https://community.hpe.com/t5/operating-system-linux/setting-iptables/m-p/3096590#M87569 Muhammad Imran Hussain 2003-10-18T05:03:34Z https://community.hpe.com/t5/operating-system-linux/setting-iptables/m-p/3096591#M87570 First, allow the MAC addresses the way Jean Pierre suggested.<BR />Then, the best is to allow the ports corresponding to what you need, and dissallow the rest (including imesh and other kazaas).<BR />Steven provided a good example in this thread :<BR /><A href="http://forums1.itrc.hp.com/service/forums/parseCurl.do?CURL=%2Fcm%2FQuestionAnswer%2F1%2C%2C0x67de68da2286d711abdc0090277a778c%2C00.html&amp;admit=716493758+1066482174278+28353475" target="_blank">http://forums1.itrc.hp.com/service/forums/parseCurl.do?CURL=%2Fcm%2FQuestionAnswer%2F1%2C%2C0x67de68da2286d711abdc0090277a778c%2C00.html&amp;admit=716493758+1066482174278+28353475</A><BR />You may wish to try this one, adding at the begining the MAC addresses. You can also use the tips we gave you here :<BR /><A href="http://forums1.itrc.hp.com/service/forums/parseCurl.do?CURL=%2Fcm%2FQuestionAnswer%2F1%2C%2C0x9d4b8b82cc91d711abdc0090277a778c%2C00.html&amp;admit=716493758+1066481908866+28353475" target="_blank">http://forums1.itrc.hp.com/service/forums/parseCurl.do?CURL=%2Fcm%2FQuestionAnswer%2F1%2C%2C0x9d4b8b82cc91d711abdc0090277a778c%2C00.html&amp;admit=716493758+1066481908866+28353475</A><BR />Ask us if you want some comment on the file.<BR /><BR />hth<BR /><BR />J Sat, 18 Oct 2003 08:03:15 GMT https://community.hpe.com/t5/operating-system-linux/setting-iptables/m-p/3096591#M87570 Jerome Henry 2003-10-18T08:03:15Z