Re: iptables block mac



MDK wrote:
Well, how would you block out people then? Most if not all the users here are NOT IT geeks and will never be it; they can hardly set their email servers correctly.

Old Guy covered it fairly well. Good network and change management to ensure unused network ports are not used. You can do this with MAC filtering on a switch but that does not make it good policy to control access on a router. A good logging encrypted proxy. Obviously, you have to tell your users you are logging. Any administrative servers should be completely inaccessible from the rest of the network.
Clear acceptable use policy. Users MUST be made aware of what they can and can't do on your network. You must make users responsible for their actions; if not, the network OWNER may be held accountable - it would depend on the laws in your country.

Don't think for one second that because not many of your users are technically proficient that you will have no problems. You only need one technically proficient user to tell the rest of them or one inquisitive user to do the research. It sounds as though your userbase may be well versed in research.

Bogwitch.