Use iptables:<br><br><a href="http://www.cyberciti.biz/tips/iptables-mac-address-filtering.html">http://www.cyberciti.biz/tips/iptables-mac-address-filtering.html</a><br><br><p>
GUI tools and scripts exist to help you with the configuration of ipchains. See:
      </p>
      <ul><li><a href="http://www.linux-kheops.com/pub/easyfw/">EasyFw</a> - Tcl/Tk - RPM available from web site. 
    <br>
          <small>RPM installs command: <tt>/usr/local/bin/easyfw</tt></small>
        </li><li><a href="http://firestarter.sourceforge.net/">Firestarter</a>
- Configuration of firewall and real-time hit monitor for the Gnome
desktop. Configures ipchains (kernel 2.2) and iptables (kernel 2.4)
</li><li><a href="http://www.fwbuilder.org/">Firewall Builder</a> - iptables,  ipfilter and OpenBSD PF. (GTK--)
        </li></ul>

      <p>
Included with Red Hat 7.x is the Gnome GUI tool gnome-lokkit. (ipchains)
      </p>
      <p>
Tools for iptables configuration:
      </p>
      <ul><li><a href="http://www.webmin.com/webmin/">Webmin</a> - Linux web admin tool
        </li><li><a href="http://shorewall.sourceforge.net/">Shorewall</a> 
        </li><li><a href="http://www.knowplace.org/netfilter/narc.html">NARC: Netfilter Automatic Rule Configurator</a>
        </li></ul><br>What is your distro?  <br><br>Webmin might assist you the easiest?  <br><br>But basically, an iptable is a text file.<br>iptables is daemon that runs.<br>you can save the tables to text on the fly:<br>
<br>iptables-save &gt;/root/tablesfiles<br><br>without saving them forever and edit them to look something like (change for your ports and your mac addresses) this very basic version: <br><br><pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: 640px; height: 66px; text-align: left;">
# Generated by iptables-save v1.4.1.1 on Tue May  5 17:50:52 2009<br>*filter<br>:INPUT ACCEPT [0:0]<br>:FORWARD ACCEPT [0:0]<br>:OUTPUT ACCEPT [373535:34202389]<br>-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT <br>
-A INPUT -m mac --mac-source 00:14:BF:7A:4D:2D -j ACCEPT<br>-A INPUT -m mac --mac-source 00:18:DE:A5:00:41 -j ACCEPT<br>-A INPUT -j DROP<br>-A INPUT -p icmp -j ACCEPT <br>-A INPUT -i lo -j ACCEPT <br>-A INPUT -j REJECT --reject-with icmp-host-prohibited <br>
-A INPUT -s <a href="http://127.0.0.1/32">127.0.0.1/32</a> -p tcp -m tcp --dport 3306 -j ACCEPT <br>-A INPUT -s <a href="http://127.0.0.1/32">127.0.0.1/32</a> -p tcp -m tcp --dport 25 -j ACCEPT <br>-A INPUT -s <a href="http://204.13.248.71/32">204.13.248.71/32</a> -p tcp -m tcp --dport 2525 -j ACCEPT <br>
-A INPUT -s <a href="http://192.168.1.0/24">192.168.1.0/24</a> -p tcp -m tcp --dport 3306 -j DROP <br>-A INPUT -s <a href="http://127.0.0.1/32">127.0.0.1/32</a> -p udp -m udp --dport 68 -j ACCEPT <br>-A INPUT -s <a href="http://192.168.1.1/32">192.168.1.1/32</a> -p udp -m udp --dport 68 -j ACCEPT <br>
-A INPUT -s <a href="http://192.168.1.0/24">192.168.1.0/24</a> -p tcp -m tcp --dport 22 -j ACCEPT<br>-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j DROP <br>-A INPUT -s <a href="http://127.0.0.1/32">127.0.0.1/32</a> -p udp -m udp --dport 123 -j ACCEPT <br>
-A INPUT -s <a href="http://192.168.1.0/24">192.168.1.0/24</a> -p udp -m udp --dport 123 -j ACCEPT <br>-A INPUT -s <a href="http://127.0.0.1/32">127.0.0.1/32</a> -p udp -m udp --dport 631 -j DROP <br>-A INPUT -s <a href="http://192.168.1.0/24">192.168.1.0/24</a> -p udp -m udp --dport 631 -j DROP <br>
-A INPUT -s <a href="http://127.0.0.1/32">127.0.0.1/32</a> -p udp -m udp --dport 52421 -j DROP <br>-A INPUT -s <a href="http://192.168.1.0/24">192.168.1.0/24</a> -p udp -m udp --dport 52421 -j DROP <br>-A INPUT -s <a href="http://192.168.2.0/24">192.168.2.0/24</a> -p tcp -m tcp -j DROP <br>
-A INPUT -s <a href="http://192.168.2.0/24">192.168.2.0/24</a> -p udp -m udp -j DROP <br>-A INPUT -p tcp -m tcp --dport 3306 -j REJECT --reject-with icmp-port-unreachable <br>-A INPUT -p udp -m udp --dport 68 -j REJECT --reject-with icmp-port-unreachable <br>
-A INPUT -p udp -m udp --dport 123 -j REJECT --reject-with icmp-port-unreachable <br>-A INPUT -p udp -m udp --dport 631 -j REJECT --reject-with icmp-port-unreachable <br>-A INPUT -p udp -m udp --dport 52421 -j REJECT --reject-with icmp-port-unreachable <br>
-A FORWARD -j REJECT --reject-with icmp-host-prohibited <br>COMMIT<br># Completed on Tue May  5 17:50:52 2009<br><br></pre><br><br><br><pre class="alt2" dir="ltr" style="border: 1px inset ; margin: 0px; padding: 6px; overflow: auto; width: 640px; height: 66px; text-align: left;">
# /sbin/iptables-restore &lt;/root/tablesfiles<br># /etc/init.d/iptables save<br># chkconfig iptables on on</pre>
<br><div class="gmail_quote">On Tue, May 5, 2009 at 5:30 PM, wayne <span dir="ltr">&lt;<a href="mailto:waydavis@cox.net">waydavis@cox.net</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I have a situation where I will want to prevent individuals from<br>
connecting to my server based on their MAC id.  I&#39;ve not selected<br>
ANYTHING yet... suggestions?    A nice GUI frontend would be cool. :-)<br>
(Kubuntu 8.04.2)<br>
<br>
---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.plug.phoenix.az.us">PLUG-discuss@lists.plug.phoenix.az.us</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss" target="_blank">http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss</a><br>
</blockquote></div><br><br clear="all"><br>-- <br><a href="http://www.obnosis.com">www.obnosis.com</a> (503)754-4452<br>&quot;Contradictions do not exist.&quot; A. Rand<br>