What I understood: if I create a group and I add the MACs of my devices, I can choose the group in the source field of the rule, and all the devices in that group will go through that rule and follow its behavior… correct?
Now… the real example:
I created a VPN in my router Fritzbox, NOT in IPFire. By the way: IPFire is connected to one LAN port of the Fritz.
I installed the same VPN access on both the Android and the iPhone mobile.
I created a group in IPFire, assigning only the Android MAC address. The iPhone is out.
In the rule:
a. selected the group in the source field.
b. set the NAT → RED
c. set the IP and the port of the Raspberry as destination
I activated the VPN on both mobiles.
Both mobiles are working fine, reaching the destination server, despite the restriction imposed in the group.
My expectation: only android working. Iphone NOT.
Which and where is my mistake?
I’m not so confident with iptables rules… but I tried… also looking at the man page of iptables:
In the start section of firewall.local I put something like:
iptables -A CUSTOMPREROUTING -d 192.168.x.x/32 -p tcp -m tcp --dport x -m mac --mac-source xx -m limit --limit 10/sec --limit-burst 20 -j LOG --log-prefix "CUSTOMPREROUTING "
iptables -A CUSTOMPREROUTING -d x.x/32 -p tcp -m tcp --dport x -m mac --mac-source x -j ACCEPT
correct?
Do I have to write these 2 rules for every MAC I have? Or can I enter the name of the IPFire group… somewhere?
Do I also have to enter something in the stop and reload sections?
thx
vincenzo
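The following is an added example, not code from the post above or from the IPFire project. It shows one way to keep a list of MACs in firewall.local and generate the LOG + ACCEPT pair for each of them for the start, stop and reload sections, instead of typing every rule by hand. The destination address, port and MACs are constructed placeholders. One caveat worth knowing when reading it: `-m mac --mac-source` matches the source MAC of the Ethernet frame as it arrives on the IPFire interface, which is the MAC of the last hop. Packets that were routed to IPFire by another device carry that device's MAC, not the MAC of the original client, so a MAC-based rule can only distinguish hosts that are directly on IPFire's own segment.

```shell
#!/bin/sh
# Added example (not the original post's code, not IPFire's own firewall.local):
# generate per-MAC rules for the CUSTOMPREROUTING chain from a list of MACs.
# All addresses and ports below are constructed placeholders.

DEST_IP="192.0.2.10"                                # constructed: the Raspberry's IP
DEST_PORT="22"                                      # constructed: destination port
ALLOWED_MACS="02:00:00:00:00:01 02:00:00:00:00:02"  # constructed: the "group" MACs
LOG_LIMIT="10/sec"
LOG_BURST="20"

# Print one LOG rule and one ACCEPT rule per MAC. The first argument is the
# iptables action: -A to append (start), -D to delete (stop).
# Note: -m mac only sees the layer-2 source of the frame as received, i.e. the
# previous hop. Traffic forwarded by another router arrives with that router's MAC.
mac_rules() {
    action="$1"
    for mac in $ALLOWED_MACS; do
        printf 'iptables %s CUSTOMPREROUTING -d %s/32 -p tcp -m tcp --dport %s -m mac --mac-source %s -m limit --limit %s --limit-burst %s -j LOG --log-prefix "CUSTOMPREROUTING "\n' \
            "$action" "$DEST_IP" "$DEST_PORT" "$mac" "$LOG_LIMIT" "$LOG_BURST"
        printf 'iptables %s CUSTOMPREROUTING -d %s/32 -p tcp -m tcp --dport %s -m mac --mac-source %s -j ACCEPT\n' \
            "$action" "$DEST_IP" "$DEST_PORT" "$mac"
    done
}

# Number of generated rules: two per MAC, handy for checking the list was read.
rule_count() {
    mac_rules "$1" | wc -l | tr -d ' '
}

# Execute the generated commands (needs root and iptables on a real firewall).
apply_rules() {
    mac_rules "$1" | sh
}

# Mirrors the start / stop / reload sections of firewall.local.
# With no argument the script only prints the rules (dry run), which is also
# what you get when sourcing it on a machine without iptables.
case "${1:-}" in
    start)  apply_rules -A ;;
    stop)   apply_rules -D ;;
    reload) apply_rules -D; apply_rules -A ;;
    *)      mac_rules -A ;;
esac
```

Running the script with no argument prints the rules so they can be reviewed before being pasted into the start section; the stop section removes exactly the same rules with -D, and reload simply does both. Adding a MAC is then a matter of extending ALLOWED_MACS rather than editing four iptables lines.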