iptables rule that allows connecting to ssh from the outside with MAC validation

ajcg

I am trying to connect from outside my network to my ssh server, but I want to restrict this connection to my MAC address only.

This rule works:

iptables -t mangle -A PREROUTING -p tcp --dport 22 -j ACCEPT

However, none of these rules work for me:

iptables -t mangle -A PREROUTING -m mac --mac-source 2c:fd:a1:zz:xx:yy -p tcp --dport 22 -j ACCEPT
iptables -t nat -A PREROUTING -m mac --mac-source 2c:fd:a1:zz:xx:yy -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m mac --mac-source 2c:fd:a1:zz:xx:yy -p tcp --dport 22 -j ACCEPT
iptables -A FORWARD -m mac --mac-source 2c:fd:a1:zz:xx:yy -p tcp --dport 22 -j ACCEPT

What should I do to protect ssh by MAC validation?

PS: I know that SSH is a TCP/IP protocol and only listens on an IP address, not a MAC address, but I have read in some forums that it is possible to do it, though they do not explain the way. I also know that there are other ways to protect ssh, such as "port knocking", "keys instead of password", etc., and that MAC addresses can be falsified. But I still want to know how I can validate the ssh entry using MAC validation.

Yurko

A server/device can only see the MAC addresses of other devices in the local network, not of devices behind a router.

So if one device can connect directly to another, they see each other's MACs. But if one device has to go through a router to connect to the other (not a switch or wifi switch, but a router facing your two devices through different network interfaces), they cannot see each other's MACs.

a) In this case the devices can see each other's MACs

(device1) <---\
                ----- (switch or wifi point)
(device2) <---/

b) In this case (device1) can only see the MAC of (ISP router), not of (device2)

(device1) <-----> (ISP router) <-----> (device2)

So based on MACs you can configure who can connect to your wifi point, because that is about the local network and direct connections.

But you have no idea of the MACs of devices trying to reach your network from a remote location; in such scenarios knowing the remote device's MAC is useless.

Does it make sense?
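The following is an added illustration of the answer above; it is not code from either post. It builds a minimal Ethernet/IPv4/TCP SYN to port 22, applies the same check that `-m mac --mac-source <mac> -p tcp --dport 22` performs (the Ethernet source MAC of the frame as it arrives on the server's interface), and then simulates what an intermediate router does to that frame: it rewrites both MACs and decrements the TTL while leaving the IP addresses untouched. Case a) from the answer is the frame arriving straight from the switch; case b) is the same packet arriving through the router. All MAC and IP addresses are constructed sample values (the asker's `2c:fd:a1:zz:xx:yy` is a placeholder, so a syntactically valid MAC is used instead).

```python
"""Why `iptables -m mac --mac-source` cannot identify an SSH client behind a router.

Added example (not from the original thread). Every address below is a constructed
sample value. The "router" here is a plain layer-3 hop with no NAT, matching the
answer's case b).
"""
import struct
from dataclasses import dataclass

CLIENT_MAC = "2c:fd:a1:11:22:33"      # constructed: the laptop the asker wants to allow
LAN_CLIENT_IP = "192.168.1.10"        # constructed: its address when on the same switch
REMOTE_CLIENT_IP = "203.0.113.10"     # constructed: its address when coming from outside
REMOTE_GW_MAC = "08:00:27:de:ad:01"   # constructed: the client's default gateway MAC
ROUTER_LAN_MAC = "00:11:22:aa:bb:cc"  # constructed: LAN-side MAC of the ISP router
SERVER_MAC = "d4:3d:7e:44:55:66"      # constructed: the SSH server's NIC
SERVER_IP = "192.168.1.20"            # constructed
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; returns 0 for a valid header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_mac: str, dst_mac: str, src_ip: str, dst_ip: str,
                dport: int, ttl: int = 64) -> bytes:
    """Ethernet II + IPv4 + TCP SYN, as the client's NIC puts it on the wire."""
    eth = mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    # TCP: sport, dport, seq, ack, data offset (5 words), flags (SYN), window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 54321, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, ttl,
                     IPPROTO_TCP, 0, ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return eth + ip + tcp


@dataclass
class Parsed:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    ttl: int
    proto: int
    dport: int
    checksum_ok: bool


def parse_frame(frame: bytes) -> Parsed:
    """Minimal Ethernet/IPv4/TCP parser covering the fields iptables matches here."""
    dst_mac, src_mac = frame[0:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    ihl = (frame[14] & 0x0F) * 4
    ip_hdr = frame[14:14 + ihl]
    ttl, proto = ip_hdr[8], ip_hdr[9]
    dport = struct.unpack("!H", frame[14 + ihl + 2:14 + ihl + 4])[0] if proto == IPPROTO_TCP else 0
    return Parsed(bytes_to_mac(src_mac), bytes_to_mac(dst_mac), bytes_to_ip(ip_hdr[12:16]),
                  bytes_to_ip(ip_hdr[16:20]), ttl, proto, dport, ip_checksum(ip_hdr) == 0)


def mac_source_rule_matches(frame: bytes, allowed_mac: str, dport: int = 22) -> bool:
    """What `-m mac --mac-source <allowed_mac> -p tcp --dport <dport>` tests on INPUT."""
    p = parse_frame(frame)
    return p.src_mac == allowed_mac.lower() and p.proto == IPPROTO_TCP and p.dport == dport


def forward_through_router(frame: bytes, egress_mac: str, next_hop_mac: str) -> bytes:
    """One layer-3 hop: MACs replaced by the router's own and the next hop's, TTL
    decremented, IPv4 checksum recomputed. IP addresses are not touched. (A switch,
    by contrast, forwards the frame byte for byte, which is the answer's case a.)"""
    ihl = (frame[14] & 0x0F) * 4
    ip_hdr = bytearray(frame[14:14 + ihl])
    ip_hdr[8] -= 1                                   # TTL
    ip_hdr[10:12] = b"\x00\x00"
    ip_hdr[10:12] = struct.pack("!H", ip_checksum(bytes(ip_hdr)))
    eth = mac_to_bytes(next_hop_mac) + mac_to_bytes(egress_mac) + frame[12:14]
    return eth + bytes(ip_hdr) + frame[14 + ihl:]


def demonstrate() -> dict:
    # Case a): client and server share a switch; the server sees the client's own MAC.
    on_lan = build_frame(CLIENT_MAC, SERVER_MAC, LAN_CLIENT_IP, SERVER_IP, 22)
    # Case b): the client sends to its gateway; the ISP router hands the packet to the
    # server with its own LAN MAC as source. The IP source still names the client.
    sent_remote = build_frame(CLIENT_MAC, REMOTE_GW_MAC, REMOTE_CLIENT_IP, SERVER_IP, 22)
    via_router = forward_through_router(sent_remote, ROUTER_LAN_MAC, SERVER_MAC)
    routed = parse_frame(via_router)
    return {
        "lan_match": mac_source_rule_matches(on_lan, CLIENT_MAC),
        "routed_match": mac_source_rule_matches(via_router, CLIENT_MAC),
        "routed_src_mac": routed.src_mac,
        "routed_src_ip": routed.src_ip,
        "routed_ttl": routed.ttl,
        "routed_checksum_ok": routed.checksum_ok,
    }


if __name__ == "__main__":
    for key, value in demonstrate().items():
        print(f"{key}: {value}")
```

Running it shows `lan_match` true and `routed_match` false: after the hop the source MAC is `ROUTER_LAN_MAC`, so every MAC-based rule the asker tried can only ever match the router, while the IP source survives the hop and is what a rule such as `iptables -A INPUT -s 203.0.113.10 -p tcp --dport 22 -j ACCEPT` would key on.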
