redirect of banned users in firewall

The table `macs` has a field `mac`, which identifies the banned computer, and a field `status`, which holds the state of the computer.

to redirect the users:
<pre>
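# -N suppresses the column header, so no grep is needed to strip it
for mac in $( mysql -N -u fwuser bannedusers -e "SELECT mac FROM macs WHERE status='banned';" ); do
        # redirect HTTP from banned MACs, except traffic addressed to the gateway itself
        iptables -t nat -A PREROUTING -i eth1 -p tcp ! -d 10.0.0.1 -m mac --mac-source "$mac" --dport 80 -j REDIRECT --to-port 8080
done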
</pre>

The rule matches only connections to hosts other than the local machine (10.0.0.1).
Such connections are redirected to port 8080 on the local machine.
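
The loop above appends rules on every run and hands database values straight to iptables. The following added example (not from the original post) validates each MAC and rebuilds the rules in a dedicated chain, so reruns do not duplicate rules and un-banned machines drop out. The chain name `BANNED_REDIRECT` and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. CHAIN and the function names are
# assumptions; table, user, interface and addresses are the post's.
CHAIN=BANNED_REDIRECT

# True only for six colon-separated hex octets.
is_valid_mac() {
    printf '%s\n' "$1" | grep -Eqx '([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}'
}

# Read MACs on stdin; print one iptables argument line per valid, unique MAC.
build_rules() {
    tr 'A-F' 'a-f' | sort -u | while IFS= read -r mac; do
        [ -n "$mac" ] || continue
        if ! is_valid_mac "$mac"; then
            printf 'skipping invalid entry: %s\n' "$mac" >&2
            continue
        fi
        printf '%s\n' "-A $CHAIN -i eth1 -p tcp ! -d 10.0.0.1 -m mac --mac-source $mac --dport 80 -j REDIRECT --to-port 8080"
    done
}

# Query first, so a failed lookup leaves the current rules in place.
apply_rules() {
    macs=$(mysql -N -u fwuser bannedusers -e "SELECT mac FROM macs WHERE status='banned';") || return 1
    # Create the chain, or flush it if it already exists.
    iptables -t nat -N "$CHAIN" 2>/dev/null || iptables -t nat -F "$CHAIN"
    # Hook the chain into PREROUTING once.
    iptables -t nat -C PREROUTING -j "$CHAIN" 2>/dev/null || iptables -t nat -A PREROUTING -j "$CHAIN"
    printf '%s\n' "$macs" | build_rules | while IFS= read -r rule; do
        # Unquoted on purpose: each validated line is an iptables argument list.
        iptables -t nat $rule
    done
}

# On the gateway, as root: apply_rules
```
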

On port 8080 a virtual host runs with an index.php that redirects to example.org/banned.php and an ErrorDocument 404 directive that also points at example.org/banned.php (and thus catches subdirectories and other pages in the original request).

index.php:
<pre>
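<?php
// send banned clients to the notice page; the full tag works even when short_open_tag is off
header("Location: http://example.org/banned.php");
exit;
?>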
</pre>

.htaccess:
<pre>
ErrorDocument 404 http://example.org/banned.php
</pre>

virtualhost:
<pre>
<VirtualHost 10.0.0.1:8080>
    DocumentRoot /var/www-banned/
    ServerName gateway.example.org
</VirtualHost>

<Directory /var/www-banned/>
    Options Indexes Includes FollowSymLinks MultiViews

    AllowOverride All

    Order allow,deny
    Allow from all
</Directory>
</pre>

remember:
<pre>
Listen 80
Listen 8080
</pre>
in httpd.conf