I have an iptables NATed network. My setup:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o "external nic" -j MASQUERADE
iptables -A FORWARD -i "external nic" -o "internal nic" -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i "internal nic" -o "external nic" -j ACCEPT
Now, to block a MAC address from accessing the internet but still be able to talk to the NAT server where I have Zoneminder:
iptables -I FORWARD 1 -m mac --mac-source "ipcam mac" -j DROP
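An added example, not part of the original post: a small wrapper around the same FORWARD rule that validates the MAC before it reaches the command line and avoids stacking duplicate rules on reruns. The function names, the `DRY_RUN` variable and the sample MAC are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Only the FORWARD chain is touched: packets addressed to the
# NAT host itself (e.g. its Zoneminder service) traverse INPUT and stay allowed.

# Return 0 if $1 is exactly one colon-separated 48-bit MAC address.
valid_mac() {
    [ "${#1}" -eq 17 ] &&
        printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the rule specification (the part after the chain name) for one MAC.
forward_block_spec() {
    valid_mac "$1" || { echo "invalid MAC: $1" >&2; return 1; }
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    printf '%s\n' "-m mac --mac-source $mac -j DROP"
}

# Insert the DROP at position 1 so it is evaluated before the
# RELATED,ESTABLISHED accept. DRY_RUN=1 (the default) only prints the command.
block_forwarding() {
    spec=$(forward_block_spec "$1") || return 1
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "iptables -I FORWARD 1 $spec"
        return 0
    fi
    # -C exits 0 when an identical rule already exists, so reruns add nothing.
    # $spec is left unquoted on purpose: it must split into separate arguments.
    iptables -C FORWARD $spec 2>/dev/null || iptables -I FORWARD 1 $spec
}

# Constructed sample MAC; prints the command without changing the firewall.
DRY_RUN=1 block_forwarding "00:11:22:AA:BB:CC"

# After applying for real (DRY_RUN=0, as root), the packet counters on the
# rule show whether the camera is still trying to reach outside hosts:
#   iptables -L FORWARD -v -n --line-numbers
```

The `mac` match compares the source address of the Ethernet frame, so it only identifies devices on the same layer-2 segment as the internal interface, and a device that changes its MAC address is no longer matched.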