NetBoot filtering on the NetBoot/SUS appliance

suleymantwana
New Contributor III

Is there any way we could do Mac Address NetBoot filtering on the NetBoot/SUS appliance?

2 REPLIES

localhorst
Contributor

Have you considered using iptables?

Just add an allow line for each host's Ethernet address:

/sbin/iptables -A INPUT -p tcp --destination-port $PortToBlock -m mac --mac-source 01:23:45:67:89:AB -j ACCEPT

and further down a

/sbin/iptables -A INPUT -p tcp --destination-port $PortToBlock -j DROP

for every service you would like to filter using ethernet addresses.
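A fuller version of this per-MAC iptables approach, as an added example that is not part of the original reply. It builds a dedicated chain with one ACCEPT per allowed MAC and a DROP at the end, then sends the NetBoot service ports through that chain; it validates the MAC list before touching the firewall and can be dry-run. The chain name, the MAC list file and the port list (BSDP rides on DHCP so it is udp/67, the booter comes over TFTP udp/69, the image over NFS 2049 or HTTP tcp/80) are this example's assumptions, not something the appliance documents.

```shell
#!/bin/sh
# Added example, not from the original thread: a MAC allowlist for the ports a NetBoot
# client talks to, with everyone else dropped on those ports.  Assumed service ports:
# BSDP over DHCP udp/67, TFTP udp/69 for the booter, NFS 2049 or HTTP tcp/80 for the
# image; adjust NETBOOT_SERVICES to match the appliance.  Real use needs root.

IPTABLES="${IPTABLES:-/sbin/iptables}"
CHAIN="NETBOOT_MAC"
NETBOOT_SERVICES="udp:67 udp:69 udp:2049 tcp:2049 tcp:80"

# Six colon-separated hex pairs; anything else is rejected so a typo fails closed
# instead of silently matching nobody (or being read as an option by iptables).
valid_mac() {
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Read allowed MACs from stdin (one per line, "#" comments allowed) and print the
# iptables arguments for the allowlist chain, one rule per line, applying nothing.
# Returns 1 if any MAC is malformed.
chain_rules() {
    rc=0
    printf '%s\n' "-F $CHAIN"
    while read -r mac; do
        case "$mac" in ''|'#'*) continue ;; esac
        if ! valid_mac "$mac"; then
            echo "bad MAC: $mac" >&2
            rc=1
            continue
        fi
        printf '%s\n' "-A $CHAIN -m mac --mac-source $mac -j ACCEPT"
    done
    # Last rule in the chain: anybody not listed above is dropped.
    printf '%s\n' "-A $CHAIN -j DROP"
    return $rc
}

# Print the INPUT rules that send each NetBoot service port through the chain.
# --mac-source sees only the last-hop MAC, so clients must be on the same L2 segment
# as the appliance; behind a DHCP relay or router you would only ever see its MAC.
jump_rules() {
    for svc in $NETBOOT_SERVICES; do
        printf '%s\n' "-A INPUT -p ${svc%%:*} --dport ${svc##*:} -j $CHAIN"
    done
}

# Apply both rule sets.  The allowlist is validated in full before any rule is loaded,
# so a bad entry leaves the firewall untouched.  Re-running flushes and rebuilds the
# chain; the INPUT jumps are added only if not already present (-C = check).
apply_rules() {
    rules=$(chain_rules) || { echo "allowlist rejected, firewall unchanged" >&2; return 1; }
    $IPTABLES -N "$CHAIN" 2>/dev/null || true
    printf '%s\n' "$rules" | while read -r args; do $IPTABLES $args || exit 1; done || return 1
    jump_rules | while read -r args; do
        $IPTABLES -C ${args#-A } 2>/dev/null || $IPTABLES $args || exit 1
    done
}

# Usage: apply_rules < /etc/netboot-macs.txt
#        chain_rules < /etc/netboot-macs.txt && jump_rules   # dry run: print only
```

One caveat worth knowing before relying on this: ISC dhcpd on Linux typically receives DHCP (and therefore BSDP) through a raw packet socket, which netfilter does not filter, so a non-listed Mac may still see the appliance listed in the boot picker; the TFTP, NFS and HTTP rules are what actually stop it from booting.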

bauerwoodsey
New Contributor

I tried iptables, but it didn't seem to stop filtered-out Macs from seeing the NetBoot server.

What we've found works is to change the file /var/appliance/conf/dhcpd.conf.

If you change the class definition from this:

class "AppleNBI-i386" {
    # any client announcing the Intel BSDP vendor class is a member
    match if substring (option vendor-class-identifier, 0, 14) = "AAPLBSDPC/i386";
}

To this:

class "AppleNBI-i386" {
    # "hardware" is the type byte (1 = Ethernet) followed by the 6-byte MAC.
    # binary-to-ascii does not zero-pad, so an octet of 03 renders as "3" and
    # 00 as "0"; a padded string such as "...:03:..." would never match.
    match if (substring (option vendor-class-identifier, 0, 14) = "AAPLBSDPC/i386") and (
        binary-to-ascii (16, 8, ":", substring (hardware, 0, 7)) = "1:c4:2c:3:27:20:4f" or
        binary-to-ascii (16, 8, ":", substring (hardware, 0, 7)) = "1:0:1f:5b:3e:66:3c"
        );
}

You can add additional lines for each MAC address you want to allow to see and boot from the appliance.
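Keeping the allowed MACs in a plain list and generating the class from it, as an added example that is not part of the original post. It assumes ISC dhcpd syntax as used on the appliance, the "AppleNBI-i386" class name from the thread, and a MAC list file you supply; the point it shows is how to write the comparison strings the way binary-to-ascii actually renders a hardware address (leading type byte 1, lowercase hex, no zero padding), which is where hand-edited lists quietly stop matching.

```shell
#!/bin/sh
# Added example, not from the original thread: generate the AppleNBI-i386 class for
# /var/appliance/conf/dhcpd.conf from a list of allowed MACs (one per line, "#"
# comments allowed).  Assumes ISC dhcpd syntax and the class name the thread uses.

# Six colon-separated hex pairs; anything else is rejected so the class fails closed.
valid_mac() {
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Turn a normal MAC into the string ISC dhcpd's
#   binary-to-ascii (16, 8, ":", substring (hardware, 0, 7))
# produces for it: type byte 1 (Ethernet) first, lowercase hex, and no zero padding,
# so 03 becomes 3 and 00 becomes 0.  Comparing against a padded string never matches.
mac_to_dhcpd_string() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    out=1
    old_ifs=$IFS
    IFS=:
    for octet in $mac; do
        octet=${octet#0}          # strip one leading zero ...
        [ -n "$octet" ] || octet=0  # ... but keep "0" for an all-zero octet
        out="$out:$octet"
    done
    IFS=$old_ifs
    printf '%s\n' "$out"
}

# Read the MAC list from stdin and print the complete class definition.
# Refuses to emit anything for a malformed entry or an empty list, so a broken
# input never produces a class that matches the wrong set of machines.
gen_class() {
    nl='
'
    body=""
    while read -r mac; do
        case "$mac" in ''|'#'*) continue ;; esac
        valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
        line="        binary-to-ascii (16, 8, \":\", substring (hardware, 0, 7)) = \"$(mac_to_dhcpd_string "$mac")\""
        if [ -z "$body" ]; then body=$line; else body="$body or$nl$line"; fi
    done
    if [ -z "$body" ]; then
        echo "empty allowlist: not generating a class" >&2
        return 1
    fi
    printf '%s\n' 'class "AppleNBI-i386" {'
    printf '%s\n' '    match if (substring (option vendor-class-identifier, 0, 14) = "AAPLBSDPC/i386") and ('
    printf '%s\n' "$body"
    printf '%s\n' '    );' '}'
}

# Usage: gen_class < /etc/netboot-macs.txt > /tmp/appleNBI.class
```

Paste the generated block in place of the existing class and check the result with `dhcpd -t -cf /var/appliance/conf/dhcpd.conf` before restarting the service; a syntax error in dhcpd.conf takes all DHCP/BSDP answers down, not just the filtered ones.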