Linux: Mac Filtering

I remember I have used OpenBSD in network bridge mode for Mac Address Filtering. I'm wondering is there possible to do Mac Address Filtering on Linux, and apparently it is not too hard once I have figured it out, it is pretty straight forward with quick kernel recompiling. Here's my note of doing it on Gentoo linux -

Checking if it is already compiled as module -

shell>egrep -i 'mac' /usr/src/linux-2.6.19-gentoo-r5/.config
CONFIG_NETFILTER_XT_MATCH_MAC=m

Since it is there, I need to know the module name, to locate it -

shell>sudo find /lib/modules/2.6.19-gentoo-r5/ -type f -name '*mac*'
/lib/modules/2.6.19-gentoo-r5/kernel/net/netfilter/xt_mac.ko

Loading the LKM -

shell>sudo modprobe xt_mac

Checking to see if the module is loaded properly -

shell>lsmod
Module Size Used by
xt_mac 2048 0
x_tables 14852 1 xt_mac

Now I just need to add it as well as the userland tool for netfilter - iptables since it is needed.

shell>echo "xt_mac" >> /etc/modules.autoload.d/kernel-2.6

shell>echo "iptable_filter" >> /etc/modules.autoload.d/kernel-2.6

Installing iptables userland tool -

shell>sudo emerge -v iptables

Once all the stuffs needed are loaded, we can start to test on the Mac Address Filtering. To block every single bits from the host with mac address 00:19:D1:2F:71:B5, I just run this -

shell>sudo iptables -A INPUT -m mac --mac-source 00:19:D1:2F:71:B5 -j DROP

That's pretty straight forward. To flush the INPUT chain after testing -

shell>sudo iptables -F INPUT

This is just quicky, hopefully I can get more handy later on iptables because I haven't used it for quite sometimes.

Enjoy ;]