
The script below is what I have. It does not block other computers that are not in the firewall's CHECK_MAC list. Where is the mistake?
Thanks!!!
tuxhats


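#!/bin/sh
#
# Allow-list firewall for a single server.
#
# Only hosts on $LAN whose source MAC is listed in the CHECK_MAC chain may
# open new TCP connections to ports 21, 22, 80 and 443 on eth0. Everything
# else that reaches INPUT is logged and then dropped by the INPUT policy.
#
# Must be run as root. Any failing iptables call aborts the script (set -e)
# so a half-loaded rule set is never reported as success.
#
# What '-m mac' actually checks: the source MAC of the frame as it arrives
# on eth0, i.e. the last layer-2 hop. A host reached through a router shows
# the router's MAC, and a host's own MAC is an adapter setting, so this rule
# set identifies a network adapter on the local segment, not a user.

set -eu

IPT="/sbin/iptables"

# Change to your server's network like this LAN="10.229.2.0/24" , leave the "0/24" alone
LAN="10.229.1.0/24"

# Without these checks a non-root run only prints iptables errors and the
# final 'exit 0' still reports success, leaving no rules loaded at all.
if [ "$(id -u)" -ne 0 ]; then
  printf '%s: must be run as root\n' "$0" >&2
  exit 1
fi
if [ ! -x "$IPT" ]; then
  printf '%s: %s not found or not executable\n' "$0" "$IPT" >&2
  exit 1
fi

# Default policies: drop anything inbound or forwarded that no rule accepts.
"$IPT" -P INPUT DROP
"$IPT" -P FORWARD DROP
"$IPT" -P OUTPUT ACCEPT

"$IPT" -t nat -P PREROUTING ACCEPT
"$IPT" -t nat -P POSTROUTING ACCEPT
"$IPT" -t nat -P OUTPUT ACCEPT

"$IPT" -t mangle -P PREROUTING ACCEPT
"$IPT" -t mangle -P INPUT ACCEPT
"$IPT" -t mangle -P FORWARD ACCEPT
"$IPT" -t mangle -P OUTPUT ACCEPT
"$IPT" -t mangle -P POSTROUTING ACCEPT

"$IPT" -t raw -P PREROUTING ACCEPT
"$IPT" -t raw -P OUTPUT ACCEPT

# Flush all rules and delete all user chains in every table, so re-running
# the script always starts from a clean state.
"$IPT" -F
"$IPT" -F -t nat
"$IPT" -F -t mangle
"$IPT" -F -t raw

"$IPT" -X
"$IPT" -X -t nat
"$IPT" -X -t mangle
"$IPT" -X -t raw

"$IPT" -N CHECK_MAC

# Packets of connections that already passed CHECK_MAC (and related ICMP)
# must be accepted here: the '--syn' rule below only matches the very first
# SYN, so without this rule the rest of the handshake from an allowed host
# falls through to LOG/DROP and no listed host can actually connect.
"$IPT" -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
"$IPT" -A INPUT -i lo -j ACCEPT
# New TCP connections from the LAN to the served ports go to the MAC check.
# '-m limit --limit 10/m' caps how many NEW connections per minute get that
# far; SYNs above the limit fall through to the LOG/DROP below, which is not
# a MAC decision - raise the limit if listed hosts show up as "INPUT DROP:".
"$IPT" -A INPUT -i eth0 -p TCP -m multiport --dports 21,22,80,443 -s "$LAN" \
  --syn -m limit --limit 10/m -m state --state NEW -j CHECK_MAC
# Rate-limit the catch-all log entry so a flood of rejected packets cannot
# fill the system log; the packets are still dropped by the INPUT policy.
"$IPT" -A INPUT -m limit --limit 5/m --limit-burst 10 -j LOG --log-prefix "INPUT DROP: "

# server's mac example PUT THE SERVER'S MAC BELOW !!!
# "$IPT" -A CHECK_MAC -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
# input yours below

# my laptop's 2 macs
# "$IPT" -A CHECK_MAC -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
# wireless ath0 card
# "$IPT" -A CHECK_MAC -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
# hard wired eth0 card
# put yours below

# practice IBM computer info
"$IPT" -A CHECK_MAC -m mac --mac-source 00:11:25:f8:XX:XX -j ACCEPT

# classroom computers... do this FOR EACH classroom computer, sample below
# "$IPT" -A CHECK_MAC -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
# put yours below for EACH classroom computer!

# No.1 Computer hard wired eth0 card
"$IPT" -A CHECK_MAC -m mac --mac-source 00:23:ae:6b:XX:XX -j ACCEPT
# 2
"$IPT" -A CHECK_MAC -m mac --mac-source 00:23:ae:70:XX:XX -j ACCEPT
# yada, yada


# finish iptables: anything that reached CHECK_MAC without matching a listed
# MAC is logged (rate-limited, see above) and dropped.
"$IPT" -A CHECK_MAC -m limit --limit 5/m --limit-burst 10 -j LOG --log-prefix "CHECK_MAC DROP: "
"$IPT" -A CHECK_MAC -j DROP

exit 0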
