Ubuntu: Limit access to server using MAC address or certificate



Question:

My server has a static IP and I've set up a website so that computers on the same network can access the website using the IP address. For example, you can type 192.168.1.1/#!/ in the address bar of a browser and connect to my website.

I'm looking for a way to limit connections to the Ubuntu desktop either with MAC address or certificates that are on computers that I give access to.

Is there a way to limit connections in such a way?


Solution:1

You can use iptables rules to limit access based on MAC address. Here is an example from my own rule set to not allow packets from a specific MAC:

# Drop packets from a certain MAC address
#
$IPTABLES -A INPUT -i $EXTIF -m mac --mac-source 00:14:BF:BC:25:EE -j LOG --log-prefix "BEFSR81:" --log-level info
$IPTABLES -A INPUT -i $EXTIF -m mac --mac-source 00:14:BF:BC:25:EE -j DROP

where:

IPTABLES=/sbin/iptables
EXTIF="eth1"
UNIVERSE="0.0.0.0/0"
EXTIP="your static IP address"

However, if the desire was to allow based on MAC address, the rules would be something like:

$IPTABLES -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow packets from a certain MAC address and no others
#
$IPTABLES -A INPUT -i $EXTIF -m mac --mac-source 00:14:BF:BC:25:EE -j LOG --log-prefix "BEFSR81:" --log-level info
$IPTABLES -A INPUT -i $EXTIF -m mac --mac-source 00:14:BF:BC:25:EE -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -j DROP

Note: for the allow version, some other specific ACCEPTs might be required.
You may or may not want the logging lines. If you keep them, make sure they do not flood your log files.
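
The allow version above, extended to several MAC addresses, as an added example that is not part of the original answer: it validates its input, prints the rules for review instead of applying them, and rate-limits the LOG rule so it cannot flood the log. The function names, the "MACDROP:" prefix, the limit values and the second MAC address are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original answer): print the "allow" rule set
# for several MACs so it can be reviewed before anything is applied.
IPTABLES=/sbin/iptables

# True only for six colon-separated hex octets (whole-string match).
valid_mac() {
    h='[0-9A-Fa-f][0-9A-Fa-f]'
    case $1 in
        $h:$h:$h:$h:$h:$h) return 0 ;;
        *) return 1 ;;
    esac
}

# usage: gen_mac_allow_rules <interface> <mac> [<mac> ...]
gen_mac_allow_rules() {
    # With no MAC the rule set would drop every new connection: refuse.
    if [ "$#" -lt 2 ]; then
        echo "usage: gen_mac_allow_rules <interface> <mac> [<mac> ...]" >&2
        return 1
    fi
    gm_if=$1
    shift
    # The output is meant to be run by a shell, so reject odd interface names.
    case $gm_if in
        *[!A-Za-z0-9._-]*) echo "invalid interface: $gm_if" >&2; return 1 ;;
    esac
    # Validate everything first so a typo never yields a partial rule set.
    for gm_mac in "$@"; do
        valid_mac "$gm_mac" || { echo "invalid MAC: $gm_mac" >&2; return 1; }
    done
    echo "$IPTABLES -A INPUT -i $gm_if -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for gm_mac in "$@"; do
        echo "$IPTABLES -A INPUT -i $gm_if -m mac --mac-source $gm_mac -j ACCEPT"
    done
    # Log what is about to be dropped: a burst of 10, then at most 6 lines per minute.
    echo "$IPTABLES -A INPUT -i $gm_if -m limit --limit 6/minute --limit-burst 10 -j LOG --log-prefix \"MACDROP:\" --log-level info"
    echo "$IPTABLES -A INPUT -i $gm_if -j DROP"
}

# Constructed sample call: eth1 and the first MAC are the answer's values,
# the second MAC is made up.
gen_mac_allow_rules eth1 00:14:BF:BC:25:EE 02:00:00:00:00:01
```

Review the printed lines, then run them as root. The mac match only sees the layer-2 source address of the packet, so it applies to hosts on the same network segment as the server.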

