Hey Forum!
How would you filter traffic on a CentOS 7 server to allow network traffic on certain NICs from specific MAC addresses only? I wish to use minimal 3rd-party tools, so built-in solutions would be preferred. Can FirewallD do this like iptables? If not, then maybe Fail2Ban?
Bert
FirewallD and network traffic filter
Re: FirewallD and network traffic filter
firewalld can filter on MAC addresses with a "rich language" rule. See https://access.redhat.com/documentation ... age_Syntax
Re: FirewallD and network traffic filter
I was afraid of these rich languages...
Re: FirewallD and network traffic filter
It's not that hard!
Re: FirewallD and network traffic filter
Cool! I've tested it with my own VMs and it was working like a charm.
What I had to do is simply:

(If not MAC address, then drop)
firewall-cmd --zone=public --add-rich-rule='rule source NOT mac="00:50:bf:5a:67:3d" drop'

(If not IP address, then drop)
firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source NOT address="10.0.0.1" drop'

Now here comes a question:
What if I use 2 rich rules to allow certain MAC addresses and drop everything else?
- Will both rules be used => Traffic from both MAC addresses will be accepted?
- Only the last rule will be applied?
- Only the first rule will be applied?
I'm unable to test it for a while now, but I'm curious, what do you think, guys?
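The two-rule question above can be settled by modelling the match logic of a "source [NOT] mac=... drop" rich rule. The following is an added example, not code from the thread or from firewalld: it assumes a constructed second address (MAC_B) and only models how the NOT inversion combines across rules; the ordering of drop before accept is an assumption about firewalld that the two-drop-rule result does not depend on.

```python
# Added example: a small model of firewalld-style "source [NOT] mac=... <action>"
# rich rules. Not firewalld code; it models only the match logic needed to answer
# the question: a frame has exactly one source MAC, so with two "NOT mac=X drop"
# rules it fails at least one of them and is dropped, whichever rule is checked first.

MAC_A = "00:50:bf:5a:67:3d"   # the address used in the thread
MAC_B = "00:50:bf:5a:67:3e"   # constructed second address for the example


def make_rule(*, invert, allowed, action):
    """Model 'rule source [NOT] mac=... <action>'. `allowed` is a set of MACs so a
    one-address rule and a set-based whitelist share one code path."""
    return {"invert": invert, "macs": frozenset(m.lower() for m in allowed), "action": action}


def verdict(rules, src_mac, default="zone-default"):
    """Action of the first rule whose source match fires, or `default` when no rich
    rule decides and the zone's normal processing continues. Drop rules are ordered
    before accept rules (assumed firewalld behaviour for same-priority rich rules)."""
    ordered = sorted(rules, key=lambda r: 0 if r["action"] == "drop" else 1)
    for r in ordered:
        matched = src_mac.lower() in r["macs"]
        if matched != r["invert"]:      # 'NOT' inverts the source match
            return r["action"]
    return default


# 1) The single rule from the thread: only MAC_A is left alone, everything else drops.
single = [make_rule(invert=True, allowed={MAC_A}, action="drop")]

# 2) The question asked: two "NOT mac=X drop" rules. Every frame violates one of
#    them, so traffic from BOTH MACs is dropped rather than accepted.
two_nots = [
    make_rule(invert=True, allowed={MAC_A}, action="drop"),
    make_rule(invert=True, allowed={MAC_B}, action="drop"),
]

# 3) What "these MACs only" actually needs: ONE NOT rule over the whole set of
#    addresses (the shape an ipset of type hash:mac gives in firewalld).
whitelist = [make_rule(invert=True, allowed={MAC_A, MAC_B}, action="drop")]

if __name__ == "__main__":
    for name, rules in (("single", single), ("two_nots", two_nots), ("whitelist", whitelist)):
        for mac in (MAC_A, MAC_B, "de:ad:be:ef:00:01"):   # third address is constructed
            print(f"{name:9s} {mac} -> {verdict(rules, mac)}")
```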