opie
New Around Here
Hi,
I'm trying to implement the ability to limit outbound routing of clients to only a select limited group of MAC addresses (~150 and counting). This is too large for the wireless MAC filter.
I am building on the work done by a coworker for another location and it is working for him (Kong's DD-WRT build 31135M). He gave me a script which loads a list of MAC addresses and then builds an iptables chain to allow these specific ones in while denying all others. I'd rather stay on Merlin if possible. I appreciate that Kong is running Kernel Version: Linux 4.4.42.
I need the kernel module xt_mac.ko to implement MAC address filtering in iptables. While the source files appear on your GitHub, I can't find xt_mac.ko on the router.
Is this just a matter of setting up this module for export in the builds?
Is there a manual way to build and install it?
The below script is what I am trying to run in the .wanup script. It fails as follows:
insmod: can't insert 'xt_mac.ko': No such file or directory
Any help is greatly appreciated.
Thanks,
Opie
#start fresh
##Install the mac address filter module
insmod xt_mac
## zero counters, Flush rules and Delete extra chains
iptables -Z;
iptables -F;
iptables -X;
## Setup wanout CHAIN as FORWARD
iptables -N wanout
iptables -I FORWARD -i `nvram get lan_ifname` -j wanout
iptables -A wanout -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT #my laptop
## Load Accepted clients from the maclist_file into the wanout chain
for MAC in `cat /jffs/etc/config/maclist_file`; do
    iptables -A wanout -m mac --mac-source "$MAC" -j ACCEPT
done
## Drop everything else
iptables -A wanout -i `nvram get lan_ifname` -j DROP
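An added example, not part of the original post: the posted script still appends its final DROP when `insmod xt_mac` has failed, so this version checks that the kernel exposes the `mac` match and validates every allow-list entry before printing the rules for review. The function names and the `MATCHES_FILE` override are assumptions; it prints commands rather than running them and leaves out the table flush.

```shell
#!/bin/sh
# Added example: fail before touching any rule if the "mac" match is missing,
# and skip malformed allow-list entries instead of passing them to iptables.

# File where the kernel lists loaded iptables matches (overridable for testing).
MATCHES_FILE="${MATCHES_FILE:-/proc/net/ip_tables_matches}"

# Return 0 if the kernel currently exposes the "mac" match (xt_mac loaded or built in).
mac_match_available() {
    [ -r "$MATCHES_FILE" ] && grep -qx 'mac' "$MATCHES_FILE"
}

# Return 0 only for six colon-separated hex octets.
is_valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print (do not run) the rules for the "wanout" chain.
# $1 = allow-list file, one MAC per line, "#" comments allowed
# $2 = LAN interface name, e.g. the output of `nvram get lan_ifname`
emit_wanout_rules() {
    list="$1"; lan_if="$2"
    if ! mac_match_available; then
        echo "mac match not available; leaving rules untouched" >&2
        return 1
    fi
    [ -r "$list" ] || { echo "cannot read $list" >&2; return 1; }

    # Create the chain, or empty it if a previous run already created it.
    echo "iptables -N wanout 2>/dev/null || iptables -F wanout"
    echo "iptables -I FORWARD -i $lan_if -j wanout"

    # Drop CRs and comments; the first field of each remaining line is the MAC.
    tr -d '\r' < "$list" | sed -e 's/#.*//' |
    while read -r mac _rest || [ -n "$mac" ]; do
        [ -n "$mac" ] || continue
        if is_valid_mac "$mac"; then
            echo "iptables -A wanout -m mac --mac-source $mac -j ACCEPT"
        else
            echo "skipping invalid entry: $mac" >&2
        fi
    done

    # Same final rule as the posted script: everything not allowed is dropped.
    echo "iptables -A wanout -i $lan_if -j DROP"
}
```

After reviewing the printed rules, they can be applied with `emit_wanout_rules /jffs/etc/config/maclist_file "$(nvram get lan_ifname)" | sh`.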