iptables mac address filtering
Les Mikesell
lesmikesell at gmail.com
Sun Sep 24 03:43:03 UTC 2006
On Sat, 2006-09-23 at 22:13, Negative wrote:
> This may be a dumb question but is it possible to use an iptables rule
> for mac address filtering to allow vnc access from a particular
> machine to one in the office when I'm traveling. That means I'll be
> using various kinds of internet access that I cannot know in advance
> (dhcp ip's, etc.) I tried using the client laptop's macaddress like
> this:
>
> I tried iptables -I INPUT 9 -m mac --mac-source macaddr -m state
> --state NEW -p tcp --dport 5901:5906 -j ACCEPT
>
> But it appears that the server is getting a mac address from my ISP
> rather than the originating machine or even my dsl router. If I
> remove the mac match, I connect just fine. And if I use a machine on
> the same network, I can use the rule above.
The M in MAC stands for media, with the point being that
it only lives on that particular media - in this case the
local ethernet subnet. When a packet is forwarded through
a router the ethernet frame is replaced by each new
sending interface.
--
Les Mikesell
lesmikesell at gmail.com
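
The per-hop frame replacement described in the reply above, as an added example that is not part of the original thread: a small Python model that builds an Ethernet/IPv4 frame, passes it through two routers, and applies the same comparison a --mac-source match would make on what the server receives. All MAC and IP addresses and the two-router path are constructed for illustration, and NAT is not modeled.

```python
import struct

# Constructed addresses: locally administered MACs, documentation-range IPs.
LAPTOP_MAC, LAPTOP_IP = "02:00:00:00:00:01", "192.0.2.10"
SERVER_MAC, SERVER_IP = "02:00:00:00:00:ff", "198.51.100.20"
DSL_LAN_MAC, DSL_WAN_MAC = "02:00:00:00:00:a1", "02:00:00:00:00:a2"
ISP_IN_MAC, ISP_OUT_MAC = "02:00:00:00:00:b1", "02:00:00:00:00:b2"

def mac_bytes(mac):
    return bytes(int(part, 16) for part in mac.split(":"))

def build_frame(src_mac, dst_mac, src_ip, dst_ip, ttl=64):
    """Ethernet II header plus a bare 20-byte IPv4 header (checksum left 0)."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    return eth + ip

def route(frame, egress_mac, next_hop_mac):
    """A router hop: the old Ethernet header is dropped, TTL is decremented,
    and a new frame is sent with the router's own egress MAC as source."""
    ip = bytearray(frame[14:])
    ip[8] -= 1  # TTL field of the IPv4 header
    eth = mac_bytes(next_hop_mac) + mac_bytes(egress_mac) + frame[12:14]
    return eth + bytes(ip)

def source_mac(frame):
    return ":".join(f"{b:02x}" for b in frame[6:12])

def source_ip(frame):
    return ".".join(str(b) for b in frame[26:30])

def mac_rule_matches(frame, allowed_mac):
    """The check a --mac-source match makes against the received frame."""
    return source_mac(frame) == allowed_mac.lower()

def same_lan_frame():
    return build_frame(LAPTOP_MAC, SERVER_MAC, LAPTOP_IP, SERVER_IP)

def routed_frame():
    f = build_frame(LAPTOP_MAC, DSL_LAN_MAC, LAPTOP_IP, SERVER_IP)
    f = route(f, DSL_WAN_MAC, ISP_IN_MAC)       # DSL router -> ISP router
    return route(f, ISP_OUT_MAC, SERVER_MAC)    # ISP router -> server segment

if __name__ == "__main__":
    for name, f in (("same LAN", same_lan_frame()), ("routed", routed_frame())):
        print(name, source_mac(f), source_ip(f), mac_rule_matches(f, LAPTOP_MAC))
```
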