0

I'm new to firewalls etc. I read the nftables quick reference.

How can I allow only my MAC address (my device - laptop, phone etc.)? I want to allow my MAC to access the SSH port (port 22).

I tried this:

ether saddr 00:00:00:00:00 tcp dport 22 accept;tcp 11:11:11:11:11 dport 22 drop

// The numbers 00:00:00.... and 11:11:11.... are examples, where 00:00:00.... is my MAC address.

This combination dropped all connections to the SSH port...

gcboard
  • Please try to reword the phrasing of your question, it's very unclear what you want/need, what you have tried, etc... Please try to use the right syntax and use the markdown helpers to highlight code snippets. – dawud Dec 30 '16 at 20:06
  • Edited... I want to block other people from accessing my SSH port by adding my MAC address to the exceptions from a global block. And there is another question: is ether saddr mac:mac:mac:mac the MAC address of the device (laptop) connected to the internet, or of my router? – gcboard Jan 01 '17 at 22:13

1 Answer

0

MAC address restrictions are a joke because it is beyond simple to clone a MAC address. Anyone on your LAN will probably have the ability to see a good MAC address and clone it.

If the machines you are concerned about are on a different LAN, then MAC address filtering will do no good, anyway, because MAC addresses are only valid or seen on the LAN that has the host with that MAC address. Routers strip off layer-2 frames, including the MAC addresses in the frames.

Ron Maupin
  • OK, so what is the best point to protect my VPS? My IP is private; the VPS has a public IPv4, of course. – gcboard Jan 03 '17 at 00:48
  • Firewalls protect networks. You could use a firewall and a VPN to gain access to the other side of the firewall. – Ron Maupin Jan 03 '17 at 00:50
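
The thread's conclusion as an nftables ruleset, added here as an example and not written by anyone in the thread: the MAC-based rule is shown commented out beside a rule that admits SSH only through a VPN tunnel. The interface name wg0, UDP port 51820 (a WireGuard tunnel is assumed) and the MAC address are constructed placeholders.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the original thread.
# Assumptions: a WireGuard tunnel on interface "wg0" listening on UDP 51820;
# the MAC address below is a constructed placeholder.

# Replaces whatever ruleset is currently loaded.
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Replies to connections this host opened, and local traffic.
        ct state established,related accept
        iif "lo" accept

        # ICMP/ICMPv6 (needed for path MTU discovery and IPv6 neighbour discovery).
        meta l4proto { icmp, ipv6-icmp } accept

        # Weak setting, kept only for comparison. On a VPS reached over the
        # internet the source MAC of every frame is the provider's gateway,
        # never the client's laptop, so this rule cannot identify the client.
        # On a shared LAN the address can simply be cloned.
        # ether saddr 02:00:00:00:00:01 tcp dport 22 accept

        # The VPN endpoint is the only service exposed to the internet.
        # Peers authenticate with keys, not with an address.
        udp dport 51820 accept

        # SSH is accepted only when it arrives through the tunnel.
        iifname "wg0" tcp dport 22 accept

        # Everything else, including SSH on the public interface,
        # falls through to "policy drop".
    }
}
```

After loading the file with `nft -f`, `nft list ruleset` shows what is active; keep an existing SSH session open until a new login through the tunnel has been confirmed.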