How to Lock MAC Address and IP in Linux

In a previous post, we showed you how to lock a MAC address to an IP address in Mikrotik. The goal is to prevent users from changing their workstation's IP address to get around policy rules.

If you use a Linux machine as the router in your office instead of Mikrotik, you can do the same thing there: block any packet whose source IP address arrives from a MAC address other than the one assigned to it.

In Linux we can easily do this with the iptables tool. In your favorite shell, type the command below:

iptables -A INPUT -s A.B.C.D -i eth0 -m mac ! --mac-source 1A:2B:3C:4D:5E:6F -j DROP

The command above means: if a packet arrives on eth0 from IP address A.B.C.D and its source MAC address is not 1A:2B:3C:4D:5E:6F, drop it.

If you want to keep accepting incoming packets and only drop forwarded packets, replace INPUT with FORWARD. The command then looks like this:

iptables -A FORWARD -s A.B.C.D -i eth0 -m mac ! --mac-source 1A:2B:3C:4D:5E:6F -j DROP

Yeah. It’s easy to lock MAC address with IP in Linux.
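
As an added example (not from the original post), the script below generates the same DROP rule for both the INPUT and FORWARD chains from a list of IP/MAC bindings, validating each entry before it becomes a rule. The function names, the eth0 default and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build the article's DROP rule for every "IP MAC" binding.
# It only prints the commands; review them, then run them as root.
IFACE="${IFACE:-eth0}"   # LAN-facing interface (assumption)

# Succeed if $1 is a dotted-quad IPv4 address with every octet <= 255.
valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split into octets (safe: digits and dots only)
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Succeed if $1 is six colon-separated hex bytes.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Read "IP MAC" lines on stdin and print one rule per chain for each pair.
# Blank lines and # comments are skipped. Malformed lines are reported on
# stderr, produce no rule, and make the function return 1.
gen_rules() {
    rc=0
    while read -r ip mac rest; do
        case "$ip" in ''|'#'*) continue ;; esac
        if [ -n "$rest" ] || ! valid_ip "$ip" || ! valid_mac "$mac"; then
            echo "skipping malformed binding: $ip $mac $rest" >&2
            rc=1
            continue
        fi
        for chain in INPUT FORWARD; do
            echo "iptables -A $chain -s $ip -i $IFACE -m mac ! --mac-source $mac -j DROP"
        done
    done
    return "$rc"
}

# Constructed sample bindings (not real hosts).
gen_rules <<'EOF'
# workstation bindings
192.168.1.10 1A:2B:3C:4D:5E:6F
192.168.1.11 02:00:00:00:00:01
EOF
```

Because -A appends to the end of a chain, these rules only take effect if no earlier rule in the chain has already accepted the packet.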