Skip to main content

Howto Deploy Ethernet MAC Address Filtering on CommGate 3.x

  1. Download Notepad++ from http://notepad-plus.sourceforge.net/uk/site.htm to edit the following text files from a Windows PC. You can then convert the text files into Windows and UNIX modes easily.

  2. Using Notepad++, create a text file and save it as rc.firewall.macaddr in /etc/rc.d directory.

  1. Add all the Ethernet MAC Addresses into file /etc/rc.d/rc.firewall.macaddr (one MAC Address per line) to filter it via the firewall rules in the following format;

MACADDRS="\
11:22:33:44:55:66 \
aa:bb:cc:dd:ee:ff \
66:55:44:33:22:11"

Note: Please change the MAC addresses with your own.

  1. Using WinSCP3 (downloadable from http://winscp.net/eng/download.php), login to the CommGate 3.x system as user root and double-click on the following file /etc/rc.d/rc.firewall.local (Note: Save a copy of the original file for backup purposes before you edit it as a precaution).

  1. Add the customize rules to filter Ethernet MAC Address on the CommGate Shield 3.x firewall script located in /etc/rc.d/rc.firewall.local to allow traffic for authorized MAC addresses to the Internet or WAN interface (eth0).

Copy and paste these lines:

## Start of Ethernet MAC Address firewall script.
## The Ethernet Mac Address file must be located
## at "/etc/rc.d/rc.firewall.macaddr".
MACADDRS=`cat /etc/rc.d/rc.firewall.macaddr`

# This is where the IPTABLES firewall binary
# is located within the CommGate system.
IPTABLES=/sbin/iptables

# Create special table for Ethernet MAC Address

# Filtering with a table/chain name mac-allowed.
$IPTABLES -t nat -F mac-allowed 2>/dev/null
$IPTABLES -t nat -X mac-allowed 2>/dev/null
$IPTABLES -t nat -N mac-allowed

# Insert MAC address check into the
# NAT+PREROUTING table
$IPTABLES -t nat -I PREROUTING -i eth1 -j mac-allowed

# Add MAC addresses to our special table
for MAC in $MACADDRS; do
$IPTABLES -t nat -A mac-allowed -i eth1 -m mac --mac-source $MAC -j RETURN
done

# Drop all unrecognized MACs and change the
# LAN IP subnet 192.168.1.0/24 to your own
# LAN subnet. Refer to this website to
# calculate your Subnet Mask suffix as
# /24, /23, /32, etc.
$IPTABLES -t nat -A mac-allowed -i eth1 -d ! 192.168.1.0/24 -j DROP

## End of Ethernet MAC Address firewall script.


  1. Finally, check to make sure that the rc.firewall.macaddr file is uploaded to /etc/rc.d/ directory on the CommGate Shield system and restart the firewall as follow;

    service firewall restart

  2. Start testing your Internet/WAN access.

Labels:

Comments

Post a Comment

Popular posts from this blog

From Toilet Cleaner to CEO

On 22-April-2012, my entrepreneurship journey story was published by The Sunday Times in Singapore by Mr. Wong Kim Hoh








































1 comment
Read more

Making Optimum Choices in Life

I was asked by one of my business mentees I am currently mentoring, "How do I make the most optimum choice in life when I am bombarded with possibilities all the time?"Life is full of choices. This choice, that choice, both choice or none of the above. THAT's a whopping 4 choice!  Choice can open the door to a whole new possibilities, not only at cross-roads on our path in life, but in each moment, giving us access to the bountiful of possibilities with which we can paint our world any way we want it to be.  We can choose a new action, thought or feeling at any time, and create an entirely new reality as a result.  Every choice has an impact or consequence, to a greater or lesser extent, each one like a pebble dropped in a pond; the ripples, the ramifications, spreading out into your future and other areas of your life. Even one small choice made today that shifts your life by a minor degree can take you to an entirely different future than the one you are heading, opening …
1 comment
Read more

The 4 Essentials of Effective Leadership

I read this article written Mark Raciappa, ActionCOACH and I totally agree. His communication is clear, concise and it resonated with me. Mark says;
I remember a bumper sticker: “Either Lead or Follow—But Get Out of the Way!”
Interestingly, in my company, I say something similar and it goes like this "If you can lead, lead. If you can't lead, follow. If you cannot lead or follow, get out of my way!
Mark continued to write that, when our role calls for the former, here are 4 important things to keep in mind:1. Great leaders communicate. Realizing that good communication is a 2-way street, we must be responsible for our part. That being said, true communication is the response that you get. Whatever form you choose (verbal, mail, e-mail, etc), if you don’t get the outcome you seek (from a “willing” recipient), the responsibility lies with the sender. Great leaders confirm, gain commitment, and solicit feedback to improve the process.2. Great leaders make decisions. Far too ofte…
1 comment
Read more