• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!

Linux IPTables - SSH Filter by MAC Address

potinho

Advanced OT User
Joined
Oct 11, 2009
Messages
1,444
Solutions
17
Reaction score
168
Location
Brazil
Hey guys,

Im using Ubuntu 18 and want to increase the security level of my server I'm trying to filter the SSH access logs only for authorized MAC, but I'm having difficulties. After use IPtables command bellow, i remove openssh full rule, but cannot connect on server. I already installed IPtables persistent and saved the settings after adding a rule. I'm using the command below :

/sbin/iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source XX:XXXX:XX:XX:XX -j ACCEPT


After then:

iptables-save > /etc/iptables/rules.v4

But rule is going to chain INPUT (policy DROP)
1648563979040.png
I need to allow few MAC ADDRESSES

I have this rules (working) used UFW, are in Chain OUTPUT (policy ACCEPT):

Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere multiport dports http,https /* 'dapp_Apache%20Full' */
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh /* 'dapp_OpenSSH' */
 
Last edited:
Solution
MAC addresses can be easily spoofed. If you want to increase the security of your server, you are going about this the wrong way. Generate SSH keys and configure your server to only allow key based login (i.e. disable password auth and rate limit SSH connection attempts). You will be much more secure that way.
Sounds like an overkill thing to do, the simpler solution would be to just drop password authentication and use key based authentication. It's totally impractical to attempt to bruteforce a SSH key. The worst that could happen is that someone steals the key from your PC, and if that happens you have bigger issues.
 
MAC address is not transferred over internet, so you cannot filter anything by MAC. MAC filters are available in iptables, but you can use them only to filter connections in local network (ex. Wi-Fi).

MAC address for all connections from internet will be MAC of router closest to your dedic.

I don't use any iptables for SSH port. I always install fail2ban, which bans IP for too many invalid login attempts.
 
MAC addresses can be easily spoofed. If you want to increase the security of your server, you are going about this the wrong way. Generate SSH keys and configure your server to only allow key based login (i.e. disable password auth and rate limit SSH connection attempts). You will be much more secure that way.
 
Solution
MAC addresses can be easily spoofed. If you want to increase the security of your server, you are going about this the wrong way. Generate SSH keys and configure your server to only allow key based login (i.e. disable password auth and rate limit SSH connection attempts). You will be much more secure that way.
done that, thanks!
 
Back
Top