Howto Deploy Ethernet MAC Address Filtering on CommGate 3.x
  1. Download Notepad++ from http://notepad-plus.sourceforge.net/uk/site.htm to edit the following text files from a Windows PC. You can then convert the text files between Windows and UNIX line-ending modes easily.

  2. Using Notepad++, create a text file and save it as rc.firewall.macaddr in the /etc/rc.d directory.

  3. Add all the Ethernet MAC addresses to the file /etc/rc.d/rc.firewall.macaddr (one MAC address per line), in the following format, so that the firewall rules can filter on them:

MACADDRS="\
11:22:33:44:55:66 \
aa:bb:cc:dd:ee:ff \
66:55:44:33:22:11"

Note: Replace the MAC addresses with your own.


  4. Using WinSCP3 (downloadable from http://winscp.net/eng/download.php), log in to the CommGate 3.x system as user root and double-click on the file /etc/rc.d/rc.firewall.local (Note: As a precaution, save a copy of the original file as a backup before you edit it).

  5. Add the custom rules that filter on Ethernet MAC address to the CommGate Shield 3.x firewall script located in /etc/rc.d/rc.firewall.local, so that only traffic from authorized MAC addresses is allowed to the Internet or WAN interface (eth0).

Copy and paste these lines:

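## Start of Ethernet MAC Address firewall script.
## The Ethernet MAC Address file must be located
## at "/etc/rc.d/rc.firewall.macaddr" and saved
## with UNIX line endings.
# The file is a shell assignment (MACADDRS="..."),
# so source it. Reading it with cat would hand the
# MACADDRS=" prefix, the backslashes and the closing
# quote to iptables as if they were addresses.
. /etc/rc.d/rc.firewall.macaddr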

# This is where the IPTABLES firewall binary
# is located within the CommGate system.
IPTABLES=/sbin/iptables

# Create special table for Ethernet MAC Address
# Filtering with a table/chain name mac-allowed.
$IPTABLES -t nat -F mac-allowed 2>/dev/null
$IPTABLES -t nat -X mac-allowed 2>/dev/null
$IPTABLES -t nat -N mac-allowed

# Insert MAC address check into the
# NAT+PREROUTING table
$IPTABLES -t nat -I PREROUTING -i eth1 -j mac-allowed

# Add MAC addresses to our special table
for MAC in $MACADDRS; do
    $IPTABLES -t nat -A mac-allowed -i eth1 -m mac --mac-source $MAC -j RETURN
done

# Drop all unrecognized MACs and change the
# LAN IP subnet 192.168.1.0/24 to your own
# LAN subnet. Refer to this website to
# calculate your Subnet Mask suffix as
# /24, /23, /32, etc.
$IPTABLES -t nat -A mac-allowed -i eth1 -d ! 192.168.1.0/24 -j DROP

## End of Ethernet MAC Address firewall script.


  6. Finally, check that the rc.firewall.macaddr file has been uploaded to the /etc/rc.d/ directory on the CommGate Shield system, then restart the firewall as follows:

    service firewall restart

  7. Start testing your Internet/WAN access.
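
An entry that iptables rejects never gets its RETURN rule, so that host falls through to the final DROP rule. The following check for the MAC list is an added example, not part of the original post; the function name check_macaddrs and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post. check_macaddrs is a
# hypothetical helper name.
# Prints each valid MAC (lower-cased) on stdout, reports bad or repeated
# entries on stderr, and returns 1 if any were found.
check_macaddrs() {
    rc=0
    seen=" "
    set -f    # do not glob-expand stray characters in the list
    # Strip CRs left by a Windows editor, the MACADDRS= prefix, the
    # quotes and the line-continuation backslashes.
    tokens=$(tr -d '\r' < "$1" | sed -e 's/^MACADDRS=//' -e 's/["\\]//g')
    for tok in $tokens; do
        mac=$(printf '%s' "$tok" | tr 'A-F' 'a-f')
        if ! printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; then
            echo "invalid entry: $tok" >&2
            rc=1
            continue
        fi
        case "$seen" in
            *" $mac "*)
                echo "duplicate entry: $mac" >&2
                rc=1
                continue ;;
        esac
        seen="$seen$mac "
        echo "$mac"
    done
    set +f
    return $rc
}

# Constructed sample: the list format shown in the post, saved with
# Windows (CRLF) line endings and containing one mistyped address.
sample=$(mktemp)
printf 'MACADDRS="\\\r\n11:22:33:44:55:66 \\\r\nAA:BB:CC:DD:EE:FF \\\r\n66:55:44:33:22:1G"\r\n' > "$sample"
check_macaddrs "$sample" || echo "fix the list before restarting the firewall" >&2
rm -f "$sample"
```

Run it against /etc/rc.d/rc.firewall.macaddr before restarting the firewall; a non-zero exit status means at least one entry needs correcting.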
