Post subject: RE: IP vs MAC filtering
Posted: 28.09.2004 - 12:50 #12002
Guru
Joined: Feb 19, 2003
Posts: 1133
Location: near Trencin

1) create a mac_filter chain
2) fill it with whatever is needed, like this:
for ONEROW in $DHCPLIST; do
MAC="`echo $ONEROW | cut -f1 -d\;`";
IP="`echo $ONEROW | cut -f2 -d\;`";
/sbin/iptables -A MAC_FILTER_CHAIN -s $IP -m mac --mac-source $MAC -j RETURN
done
3) finally, add a drop for everything unknown
/sbin/iptables -A MAC_FILTER_CHAIN -d $IP -j DROP
4) call a jump into this chain from FORWARD, or from wherever you want

Post subject: RE: IP vs MAC filtering
Posted: 28.09.2004 - 14:35 #12003
Master
Joined: Jan 12, 2003
Posts: 4250
Location: /dev/null

kiwi: if you want 2 MACs on one IP, you will need two consecutive rules that allow those MACs, for example
/usr/sbin/iptables -A FORWARD -s 10.20.30.40 -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT
/usr/sbin/iptables -A FORWARD -s 10.20.30.40 -m mac --mac-source 00:00:00:00:00:01 -j ACCEPT
and if your default policy is ACCEPT, you also have to put a drop for this IP after them
/usr/sbin/iptables -A FORWARD -s 10.20.30.40 -j DROP
[if your default is DROP, this is not needed]
however, the simplest and most reliable thing would be to give that person 2 IPs...
by the way, what jmi wrote looks like it should work and does roughly the same thing...
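
Added example, not part of any post in this thread: a shell function that builds the chain described in the two posts above (one RETURN rule per MAC;IP pair, then a DROP), which also covers two MACs on one IP. The `eth1` interface, the unconditional final DROP, the row validation and the sample rows are assumptions made for this example; the function only prints the iptables commands.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the iptables commands for a
# MAC/IP binding chain; review the output before running it as root.
CHAIN=MAC_FILTER_CHAIN      # chain name used in the thread
LAN_IF=${LAN_IF:-eth1}      # assumption: client-facing interface

# valid_row MAC IP: succeed only if both are well-formed, so that nothing
# unexpected (spaces, extra options) reaches the iptables command line.
valid_row() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || return 1
    printf '%s\n' "$2" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    for octet in $2; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# gen_mac_filter "MAC;IP MAC;IP ...": write the rule set to stdout.
gen_mac_filter() {
    echo "iptables -N $CHAIN"
    set -f                  # rows are data: no filename expansion
    for row in $1; do
        mac=${row%%;*}
        ip=${row#*;}
        if valid_row "$mac" "$ip"; then
            # One RETURN rule per (IP, MAC) pair; an IP may appear in several.
            echo "iptables -A $CHAIN -s $ip -m mac --mac-source $mac -j RETURN"
        else
            echo "skipping malformed row: $row" >&2
        fi
    done
    set +f
    # Assumption: everything that matched no pair is dropped.
    echo "iptables -A $CHAIN -j DROP"
    # Assumption: only packets arriving from the LAN side are checked.
    echo "iptables -A FORWARD -i $LAN_IF -j $CHAIN"
}

# Constructed sample: 10.20.30.40 is shared by a PC and a notebook;
# the last two rows are malformed on purpose.
SAMPLE='00:11:22:33:44:55;10.20.30.40 00:11:22:33:44:66;10.20.30.40
00:11:22:33:44:77;10.20.30.41 bogus;10.20.30.42 00:11:22:33:44:88;10.20.30.999'

gen_mac_filter "$SAMPLE"
```

The mac match only makes sense for packets coming from an Ethernet device and entering the PREROUTING, INPUT or FORWARD chains. A client can change its own source MAC, so these rules bind addresses together rather than authenticate a user.
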
Post subject: Blade Runner 5400
Posted: 07.12.2005 - 08:27 #26153
Basic
Joined: Feb 26, 2005
Posts: 140
Location: Pieštany, countryside

Hello, I have Linux RedHat9 installed. From Windows on another PC I used the program LAN GUARD NETWORK SCANNER to scan the ports on the Linux PC. Everything was OK until I noticed port 5400 labelled BACKDOOR BLADE RUNNER, so I want to ask how this nasty thing can be removed. I should mention that the PC has never been connected to the Internet, but in the future I plan to use it as a GATEWAY.
Thanks in advance for any answers

Post subject: RE: IP vs MAC filtering
Posted: 07.12.2005 - 10:47 #26159
Master
Joined: Feb 05, 2003
Posts: 2686
Location: Topolcany

No standard service runs on port 5400, so at first glance it looks like a backdoor, but... I don't trust any Windows gadgets, and I know LAN Guard; it's a nicely made (design-wise) scanner, but I wouldn't swallow everything it says. In any case, check whether something is really listening on that port (nmap, netstat...) and, if so, which process.

Post subject: RE: IP vs MAC filtering
Posted: 07.12.2005 - 21:44 #26181
Master
Joined: Oct 21, 2003
Posts: 4247

kiwi wrote: ›but I have a problem: when one IP is assigned to several MACs (the guy has both a PC and a notebook and wants whichever one he plugs in to work), neither of them works, because the intersection of the conditions is empty. How would you solve this?
I solved this some time ago by letting a user have several IPs assigned. The IPs share one common class in HTB (one speed)... the IPs share a common class in HTB, so they split the speed that is assigned to the user...