How to bind IP/MAC to specific interface ports w/ IPTables?

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
View previous topic :: View next topic  
Author Message
MonarchX
DD-WRT User


Joined: 26 Sep 2009
Posts: 119
PostPosted: Mon Jan 03, 2022 15:25    Post subject: How to bind IP/MAC to specific interface ports w/ IPTables? Reply with quote
How can I bind local IP addresses and/or MAC addresses to specific interfaces (eth0, br0, wlan0, etc.) via IPTables and/or EBTables and/or ARPTables? Assume default policy has to be ACCEPT.

The way I bind IP to MAC with IPTables is:
Code:
iptables -A FORWARD -s X.X.X.X -m mac ! --mac-source YY:YY:YY:YY:YY:YY -j DROP


The way I bind IP to MAC with EBTables is:
Code:
ebtables -A FORWARD -p 0x0800 --ip-src X.X.X.X ! -s YY:YY:YY:YY:YY:YY -j DROP


The way I bind IP to MAC with ARPTables is:
Code:
arpables -A INPUT -s X.X.X.X ! --source-mac YY:YY:YY:YY:YY:YY -j DROP



Is it possible to assign client local IP address X.X.X.X and/or MAC address YY:YY:YY:YY:YY:YY to specific port on whichever interface via IPTables and/or EBTables and/or ARPTables? How? Each interface (br0, eth0, wlan0), has its own MAC address that can be seen with "ifconfig" command. Perhaps I am supposed to bind client IP's/MAC's to interface MAC's? I don't know...
Back to top View user's profile Send private message
Sponsor
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1389
PostPosted: Mon Jan 03, 2022 22:19    Post subject: Reply with quote
It would depend on if you can address each port specifically... and on most consumer routers they do not allow this level of detail, because it is a generic switch.

based on the man pages for iptables:

Quote:
[!] -i, --in-interface name
Name of an interface via which a packet was received (only for
packets entering the INPUT, FORWARD and PREROUTING chains).
When the "!" argument is used before the interface name, the
sense is inverted. If the interface name ends in a "+", then
any interface which begins with this name will match. If this
option is omitted, any interface name will match.

[!] -o, --out-interface name
Name of an interface via which a packet is going to be sent (for
packets entering the FORWARD, OUTPUT and POSTROUTING chains).
When the "!" argument is used before the interface name, the
sense is inverted. If the interface name ends in a "+", then
any interface which begins with this name will match. If this
option is omitted, any interface name will match.
Back to top View user's profile Send private message
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum