iptables: blocking SAMBA traffic, but allowing from specific MAC addresses

My god, it took me hours to configure the following setup. I want to block SAMBA traffic to all other clients, but allow them from specific hosts by MAC address:

1/ I keep the INPUT chain to policy ACCEPT
2/ I allow traffic on specific MAC address

$ iptables -A INPUT --protocol tcp --destination-port 135:139 -m mac --mac-source ##REPLACE_BY_YOUR_MAC_ADDRESS## -j ACCEPT
$ iptables -A INPUT --protocol tcp --source-port 135:139 -m mac --mac-source ##REPLACE_BY_YOUR_MAC_ADDRESS## -j ACCEPT
$ iptables -A INPUT --protocol udp --destination-port 135:139 -m mac --mac-source ##REPLACE_BY_YOUR_MAC_ADDRESS## -j ACCEPT
$ iptables -A INPUT --protocol udp --source-port 135:139 -m mac --mac-source ##REPLACE_BY_YOUR_MAC_ADDRESS## -j ACCEPT
$ iptables -A INPUT --protocol tcp --destination-port 445 -m mac --mac-source ##REPLACE_BY_YOUR_MAC_ADDRESS## -j ACCEPT
$ iptables -A INPUT --protocol tcp --source-port 445 -m mac --mac-source ##REPLACE_BY_YOUR_MAC_ADDRESS## -j ACCEPT
$ iptables -A INPUT --protocol udp --destination-port 445 -m mac --mac-source ##REPLACE_BY_YOUR_MAC_ADDRESS## -j ACCEPT
$ iptables -A INPUT --protocol udp --source-port 445 -m mac --mac-source ##REPLACE_BY_YOUR_MAC_ADDRESS## -j ACCEPT

3/ I deny all other traffic

$ iptables -A INPUT --protocol tcp --destination-port 135:139 -j DROP
$ iptables -A INPUT --protocol tcp --source-port 135:139 -j DROP
$ iptables -A INPUT --protocol udp --destination-port 135:139 -j DROP
$ iptables -A INPUT --protocol udp --source-port 135:139 -j DROP
$ iptables -A INPUT --protocol tcp --destination-port 445 -j DROP
$ iptables -A INPUT --protocol tcp --source-port 445 -j DROP
$ iptables -A INPUT --protocol udp --destination-port 445 -j DROP
$ iptables -A INPUT --protocol udp --source-port 445 -j DROP

Add new comment

Your name

The content of this field is kept private and will not be shown publicly.

Homepage

Notify me when new comments are posted

All comments

Replies to my comment

Comment

About text formats

Full HTML

Lines and paragraphs break automatically.
You can caption images (data-caption="Text"), but also videos, blockquotes, and so on.
Web page addresses and email addresses turn into links automatically.
You can enable syntax highlighting of source code with the following tags: <code>, <blockcode>, <bash>, <cpp>, <css>, <html5>, <java>, <javascript>, <php>, <sql>, <xml>. The supported tag styles are: <foo>, [foo].

CAPTCHA

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

• Converting (resizing) video's in Java with Xuggler	54
• Changing the time/clock in a Citroen C3 (2006)	35
• Drop all tables in Oracle DB (scheme)	33
• Installing Trac 1.0.1 on Windows 8.1 + configuring Subversion repository	22
• VMWare Fusion and sending a backslash to your Windows installation	21
• Adding DYMO LabelWriter 400 as network printer on DYMO Label 8.3	21
• Ecocheques	18
• Outlook Add-in for Skype meeting always gets disabled after restarting Outlook 2013	18
• [Lifetime] Oefensessie Dark Race	18
• Rotating Apache HTTPD access.log and error.log on Windows	16