Date: | Fri, 2 Mar 2018 12:59:44 +0100 |
Content-Type: | text/plain |
> On 2. Mar 2018, at 12:04, Karel Lang AFD <[log in to unmask]> wrote:
>
> Hello guys,
>
> stumbled on a weird thing today - wanted to set up some iptables rules based on 'mac address' and iptables failed to start.
>
> cat /etc/redhat-release
> Scientific Linux release 7.4 (Nitrogen)
>
> iptables --version
> iptables v1.4.21
>
> yum list all | grep iptables
> iptables.x86_64 1.4.21-18.2.el7_4 @sl-fastbugs
> iptables-services.x86_64 1.4.21-18.2.el7_4 @sl-fastbugs
> iptables-utils.x86_64 1.4.21-18.2.el7_4 @sl-fastbugs
>
>
> what happens:
> after adding simple rule to '/etc/sysconfig/iptables':
> *filter
> -A INPUT -m mac --mac-source 52-54-00-6f-04-51 -j ACCEPT
>
>
> it refuses to start after 'systemctl restart iptables' and the 'journalctl -xe' says:
>
> Error occurred at line: XX and that's it
>
>
>
> If I add the same simple rule to the SL 6.9 iptables rules, it works without problem..
>
> Anyone stumbled upon this, only thing I can think of is, that it is not compiled in standard kernel ..

It is.

> Thanks for any input - I tried to look up things at search engines, but so far no light ..ehh.

Try reading the manual page ;-)
"Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX"