iptables allow remote connection by MAC?

Parker Morse morse at sinauer.com
Mon Mar 29 16:03:19 UTC 2004



I have a web server using RH 9, hosting nine or ten sites. I run most 
of the sites from here and have a firewall rule to allow my 
connections. (I'm using iptables and writing my rules, mostly, from 
O'Reilly's "Linux Security Cookbook.") However, we also have a 
freelance developer who works on a few sites, and he needs access to 
the server as well.

He's on a cable modem connection with an IP address assigned via DHCP; 
it's theoretically random but (as you all know) in actual fact he tends 
to hold a single IP address for months at a time. What I've done so far 
is write ACCEPT rules for his IP address, and change the rule when his 
IP changes. That can be a drag.

I know that iptables has the ability to filter by source MAC address, 
but the documentation I've read so far suggests that it's only useful 
for machines on the same subnet. Is this a technical limitation of IP 
filtering, or iptables in particular? Am I right to hope that 
MAC-address filtering might help me get my developer connected more 
consistently? What's the syntax I would use? So far, I have tried 
replacing the existing IP rule, something like this:

iptables -R INPUT 3 -m mac --mac-source 00:11:22:33:44:55 -p tcp -m tcp --dport 22 -j ACCEPT

(obviously, I've fudged the MAC.) I get:

iptables: No chain/target/match by that name

Where am I off?

Thanks,

pjm
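Added example, not part of the original post or of the redhat-list archive: a small constructed model of why a MAC-based rule cannot identify a host on the far side of the Internet. The Ethernet header (and so the source MAC) is stripped and rebuilt at every router, while the IP header survives end to end; the server only ever sees the MAC of its own gateway. The model also emulates the 'mac' match (which the iptables manual restricts to the PREROUTING, INPUT and FORWARD chains) and reproduces the rule from the post with the PGP dash-escaping ("- --dport") removed. All hosts, addresses and MACs are constructed; the "No chain/target/match by that name" error is usually what iptables prints when the kernel module for a match extension cannot be loaded, which is separate from the routing point shown here.

```python
"""Constructed model of a packet crossing two routers.

Layer-3 addresses (IP) are carried end to end; layer-2 addresses (MAC) are
rewritten on every link. The server therefore sees its gateway's MAC, never
the remote developer's, so '-m mac --mac-source <developer mac>' matches nothing.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_mac: str   # layer-2 source, meaningful only on the current link
    dst_mac: str   # layer-2 destination, meaningful only on the current link


@dataclass(frozen=True)
class Hop:
    """A router: one MAC on the link it receives on, one on the link it sends on."""
    name: str
    in_mac: str
    out_mac: str


def forward(packet: Packet, path: list[Hop], server_mac: str) -> Packet:
    """Forward a packet across routers; each hop rebuilds the Ethernet header."""
    for i, hop in enumerate(path):
        # A router only accepts frames addressed to its own interface MAC.
        if packet.dst_mac != hop.in_mac:
            raise ValueError(f"{hop.name} dropped frame addressed to {packet.dst_mac}")
        next_mac = path[i + 1].in_mac if i + 1 < len(path) else server_mac
        # IP header untouched; Ethernet header rewritten for the next link.
        packet = replace(packet, src_mac=hop.out_mac, dst_mac=next_mac)
    return packet


# Chains in which the iptables 'mac' match may be used (iptables(8) manual).
MAC_MATCH_CHAINS = {"PREROUTING", "INPUT", "FORWARD"}


def mac_rule_matches(packet: Packet, mac_source: str, chain: str = "INPUT") -> bool:
    """Emulate '-m mac --mac-source <mac>': compares the frame's layer-2 source only."""
    if chain not in MAC_MATCH_CHAINS:
        raise ValueError(f"mac match is not usable in chain {chain}")
    return packet.src_mac.lower() == mac_source.lower()


# Constructed topology: developer -> ISP router -> server's gateway -> server.
DEVELOPER_MAC = "00:11:22:33:44:55"   # the fudged MAC from the post
DEVELOPER_IP = "198.51.100.23"        # RFC 5737 documentation address (constructed)
SERVER_IP = "203.0.113.10"            # RFC 5737 documentation address (constructed)
SERVER_MAC = "aa:aa:aa:aa:aa:01"
PATH = [
    Hop("isp-router", in_mac="cc:cc:cc:cc:cc:01", out_mac="cc:cc:cc:cc:cc:02"),
    Hop("server-gateway", in_mac="dd:dd:dd:dd:dd:01", out_mac="dd:dd:dd:dd:dd:02"),
]


def packet_as_seen_by_server() -> Packet:
    """The developer's SYN to port 22 after it has crossed both routers."""
    first_hop_mac = PATH[0].in_mac
    sent = Packet(DEVELOPER_IP, SERVER_IP, DEVELOPER_MAC, first_hop_mac)
    return forward(sent, PATH, SERVER_MAC)


def iptables_rule(mac: str, dport: int = 22, position: int = 3) -> str:
    """The command from the post, rendered without the PGP dash-escaping ('- --dport')."""
    return (f"iptables -R INPUT {position} -m mac --mac-source {mac} "
            f"-p tcp -m tcp --dport {dport} -j ACCEPT")


if __name__ == "__main__":
    seen = packet_as_seen_by_server()
    print("server sees src IP", seen.src_ip, "and src MAC", seen.src_mac)
    print("developer MAC rule matches:", mac_rule_matches(seen, DEVELOPER_MAC))
    print("gateway MAC rule matches:  ", mac_rule_matches(seen, PATH[-1].out_mac))
    print(iptables_rule(DEVELOPER_MAC))
```

Running it shows the source IP arriving unchanged while the source MAC is the gateway's; a rule keyed on the developer's MAC never fires, and one keyed on the gateway's MAC would fire for every packet routed through that gateway, which is why the mac match is only useful for hosts on the server's own subnet.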
