device_filtering

Differences

This shows you the differences between two versions of the page.

device_filtering [2023/05/24 21:15] – [Block devices via script/scheduler] hogwild
device_filtering [2023/05/24 21:22] – [ebtables (routed environment)] hogwild
Line 11: Line 11:
  
  
-===== ebtables =====+===== ebtables (routed environment) =====
  
-# Block\\  ''/usr/sbin/ebtables -A FORWARD -d aa:bb:cc:dd:ee:ff -j DROP''+# Block\\  ''/usr/sbin/ebtables -A FORWARD -d AA:BB:CC:DD:EE:FF -j DROP''
  
  \\  \\
  
-# Unblock\\  ''/usr/sbin/ebtables -D FORWARD -d aa:bb:cc:dd:ee:ff -j DROP''+# Unblock\\  ''/usr/sbin/ebtables -D FORWARD -d AA:BB:CC:DD:EE:FF -j DROP''
  
  \\  \\
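
Review bot: the Block and Unblock rules in this section match only on ''-d'' (destination MAC) in the FORWARD chain, so they drop frames addressed to the device but not frames the device sends. If the intent is to cut the device off in both directions, add the matching ''-s AA:BB:CC:DD:EE:FF'' rule next to each, and mirror it in the Unblock command so the two stay in step. The new heading qualifier "(routed environment)" is also not explained anywhere in the section; a sentence saying when these rules apply would help readers decide between this section and the iptables one.
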
Line 23: Line 23:
 # Flush (unblock all the defined references at once)\\  ''/usr/sbin/ebtables -F''\\  \\ # Flush (unblock all the defined references at once)\\  ''/usr/sbin/ebtables -F''\\  \\
  
- NOTE: you might have additional ebtables in your system so be very careful about flushing the full ebtable.+ NOTE: you might have additional ebtables in your system so **be very careful** about flushing the full ebtable.
  
  
 ===== iptables ===== ===== iptables =====
  
-# Block Internet access (or any intra-vlan)\\  ''/sbin/iptables -I **FORWARD** -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP''+# Block Internet access (or any intra-vlan)\\  ''/sbin/iptables -I **FORWARD** -m mac --mac-source AA:BB:DD:EE:FF -j DROP''
  
  \\  \\
  
-# Block any network acrtivity including services provided by the router itself e.g. minidlna/webserver/mysql)\\  ''/sbin/iptables -I **INPUT** -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP''+# Block any network activity, including services provided by the router (e.g. minidlna/webserver/mysql)\\  ''/sbin/iptables -I **INPUT** -m mac --mac-source AA:BB:CC:DD:EE:FF -j DROP''
  
  \\  \\
  
-# Unblock just rever whatever command replacinf -I with -D e.g.\\  ''/sbin/iptables -D FORWARD -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP''+# Unblock just rever whatever command replacing -I with -D e.g.\\  ''/sbin/iptables -D FORWARD -m mac --mac-source AA:BB:CC:DD:EE:FF -j DROP''
  
  \\  \\
  
-# Flush\\  ''You don't do that for iptables '':-)'' rather reboot the device''+# Flush\\  ''You don't do that for iptables '':-)'' instead, reboot the device''
  
-These days, blocking MAC addresses can  be tedious task. Many client devices use a MAC randomization function. MAC addresses can "change" freqently.+ \\ 
 + 
 +These days, blocking MAC addresses can  be tedious task. Many client devices use a MAC randomization function. MAC addresses can "change" freqeently.
  
 For dealing with this, one alternative is to filter using hostnames. For dealing with this, one alternative is to filter using hostnames.
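
Review bot: the new FORWARD rule under the iptables heading has a five-octet address, ''AA:BB:DD:EE:FF''; the ''CC'' octet was lost when the MAC was uppercased, so this is no longer a valid MAC address and no longer matches the placeholder used in the INPUT and Unblock lines. Restore ''AA:BB:CC:DD:EE:FF''. In the same hunk the Unblock line still reads "rever" (revert), and the edit to the closing paragraph turns "freqently" into "freqeently" and keeps "can  be tedious task"; these should be corrected while the paragraph is being touched.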
device_filtering.txt · Last modified: 2023/05/24 21:38 by hogwild