MAC address block for pppoe clients

raktim · July 11, 2009, 11:35am

i want to block MAC address for pppoe clients. i m using V3.13.

// chain=forward action=drop src-mac-address=00:21:27:C6:3B:8C Not working…

Any idea???

thnxs,
raktim

galaxynet · July 13, 2009, 1:55pm

raktim -

First - upgrade to ROS 3.24, and be sure to upgrade the firmware as well after the ROS upgrade.

Second, try dropping them in the pre-routing chain instead of the forward chain.

R/

raktim · July 15, 2009, 10:28am

how can i sure that firmware is upgraded??? & what is the way to upgrade the firmware in x86 machine???
There is no prerouting option in filter rules. Do i need mark the connection first in Mangle???

thnxs,
raktim

Chupaka · July 15, 2009, 11:26am

there’s no RouterBOARD firmware on x86 =)

if you want completely block PPPoE client of your router - do it in ‘input’ chain, not ‘forward’

raktim · July 22, 2009, 12:30pm

Not working, still logged in from this MAC.

Flags: X - disabled, I - invalid, D - dynamic
0 ;;; test
chain=input action=drop src-mac-address=00:21:27:C6:3B:8C

mrz · July 22, 2009, 12:33pm

pppoe is layer2, ip firewall can block only layer3.

To block layer2 traffic you can use bridge filters.

Chupaka · July 22, 2009, 2:02pm

oops… really =)