-2

I have a DoS attack on the server:

Jul 21 16:20:42 sip kernel: [151675.053103] Firewall: TCP_IN Blocked IN=eth0 OUT=eth0 MAC=00:24:21:ef:2d:5f:00:21:59:c5:74:4e:08:00 SRC=78.87.201.181 DST=188.40.114.228 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=44313 DF PROTO=TCP SPT=4858 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0

Is it possible to block a MAC address on Debian? This address: 00:24:21:ef:2d:5f:00:21:59:c5:74:4e:08:00

I tested this iptables rule, but it does not work:

# iptables -A INPUT -m mac --mac-source 00:24:21:ef:2d:5f:00:21:59:c5:74:4e:08:00 -j DROP
iptables v1.4.14: ether
Try `iptables -h' or 'iptables --help' for more information.

mahan
    I think you'll get (more) help if you post this question over at [ServerFault](http://serverfault.com/). Stack Overflow is for programming questions only and your question is related to network administration, not programming. – djikay Jul 21 '14 at 15:47

1 Answer

0
MAC=00:24:21:ef:2d:5f:00:21:59:c5:74:4e:08:00

This is not a single MAC address. In fact this is the destination MAC, the source MAC and the frame type pieced together.

DEST MAC: 00:24:21:ef:2d:5f
SOURCE MAC: 00:21:59:c5:74:4e
FRAME TYPE: 08:00

If you really want to filter on the MAC address you can use:

iptables -A INPUT -m mac --mac-source 00:21:59:c5:74:4e -j DROP

But note that this is very likely to drop all packets coming from your router (or from whatever device that MAC address belongs to).

I would recommend filtering on the source IP address instead.

mofoe
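
Added example (not part of the original answer): a shell sketch that splits the `MAC=` field of the logged line into the three parts the answer names and prints, without applying it, a rule for the `SRC=` address, as the answer recommends. The function names are hypothetical, the sample is the log line from the question, and `-s` is the standard iptables source-address match.

```shell
#!/bin/sh
# Added example: decode the MAC= field of a netfilter LOG line captured on an
# Ethernet interface (6 bytes destination MAC, 6 bytes source MAC, 2 bytes
# EtherType) and derive a source-IP rule instead of a MAC rule.

# Sample input: the log line quoted in the question.
SAMPLE='Jul 21 16:20:42 sip kernel: [151675.053103] Firewall: TCP_IN Blocked IN=eth0 OUT=eth0 MAC=00:24:21:ef:2d:5f:00:21:59:c5:74:4e:08:00 SRC=78.87.201.181 DST=188.40.114.228 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=44313 DF PROTO=TCP SPT=4858 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0'

# log_field LINE KEY -> value of the first KEY=value token, empty if absent
log_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# split_mac LINE -> "dst_mac src_mac ethertype"
# Fails (non-zero) unless MAC= holds exactly 14 colon-separated hex octets,
# so a field that is already a plain 6-octet MAC is not mis-split.
split_mac() {
    mac=$(log_field "$1" MAC)
    printf '%s\n' "$mac" | grep -Eqi '^([0-9a-f]{2}:){13}[0-9a-f]{2}$' || return 1
    dst=$(printf '%s' "$mac" | cut -d: -f1-6)      # octets 1-6: destination
    src=$(printf '%s' "$mac" | cut -d: -f7-12)     # octets 7-12: source
    etype=$(printf '%s' "$mac" | cut -d: -f13-14 | tr -d ':')  # 0800 = IPv4
    printf '%s %s 0x%s\n' "$dst" "$src" "$etype"
}

# drop_rule LINE -> prints (does not run) a DROP rule for the SRC= address
drop_rule() {
    ip=$(log_field "$1" SRC)
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    printf 'iptables -A INPUT -s %s -j DROP\n' "$ip"
}

split_mac "$SAMPLE"
drop_rule "$SAMPLE"
```
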