weirdness with iptables

Wayne Pinette Wpinette at tru.ca
Mon Aug 22 16:18:32 UTC 2005


OK, I have a rule in my iptables which is basically this:

-A -m mac --mac-source <macaddress A> -j ACCEPT
-A -j REJECT


The idea being, if I come in from a machine with mac address A it will
accept it. Well, this does not work.
Everything is rejected, so I added this:


-A -m mac --mac-source <macaddress A> -j LOG
-A -m mac --mac-source <macaddress A> -j ACCEPT
-A -j REJECT

and tried to ssh into the box. Nothing showed up in the log files. So
then I did this:

-A -m mac --mac-source ! <macaddress A> -j LOG
-A -m mac --mac-source <macaddress A> -j ACCEPT
-A -j REJECT

and sure enough I get stuff in the log file, but what I get is:

<machine name> kernel: IN:eth0 OUT- MAC=<macaddress of server>:<a bunch
more hex numbers> SRC=<ip number of client machine> DST = <ip number of
this machine> ...... etc

So my question is, why is the source mac address not working, and more
importantly, any ideas as to why the source mac address seems to always
be based off the mac address of my actual server, not the client
connecting?
Or do I have the mac-source element of iptables completely wrong?

Wayner
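The MAC= field that the iptables LOG target writes is the raw 14-byte Ethernet header in hex: the destination MAC (the receiving server's own NIC), then the source MAC of the frame as it arrived on that interface, then the 2-byte EtherType. The added parser below (example code written for this page, not from the post or from the iptables project) splits that field so the wire-level source MAC, which is what `-m mac --mac-source` compares against, can be read and checked; the log line, addresses and expected MAC are constructed sample values.

```python
import re

# Constructed sample iptables LOG record; the MACs and IPs are made-up placeholders.
SAMPLE_LOG = (
    "Aug 22 09:12:01 host kernel: IN=eth0 OUT= "
    "MAC=00:0c:29:aa:bb:cc:00:11:22:33:44:55:08:00 "
    "SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 PROTO=TCP SPT=41234 DPT=22"
)

# KEY=VALUE tokens; VALUE may be empty (e.g. "OUT=" on inbound packets).
_KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_iptables_log(line: str) -> dict:
    """Split an iptables LOG record into its KEY=VALUE fields and decode MAC=.

    MAC= holds the Ethernet header as colon-separated hex bytes:
    bytes 0-5 destination MAC (this host), bytes 6-11 source MAC
    (the sender on the local segment), bytes 12-13 EtherType.
    That layout is why the field always begins with the server's own MAC.
    """
    fields = dict(_KV_RE.findall(line))
    mac = fields.get("MAC", "")
    octets = mac.split(":") if mac else []
    if len(octets) == 14:
        fields["MAC_DST"] = ":".join(octets[0:6])
        fields["MAC_SRC"] = ":".join(octets[6:12])
        fields["ETHERTYPE"] = "0x" + "".join(octets[12:14])
    return fields


def wire_source_mac_matches(line: str, expected_mac: str) -> bool:
    """True if the layer-2 source MAC in the log line equals expected_mac.

    Note: for a client on another subnet this source MAC is the last-hop
    router's address, not the client's, so a --mac-source rule keyed on
    the client's NIC can never match routed traffic.
    """
    src = parse_iptables_log(line).get("MAC_SRC")
    return src is not None and src.lower() == expected_mac.lower()


if __name__ == "__main__":
    parsed = parse_iptables_log(SAMPLE_LOG)
    print("dst MAC (server):", parsed["MAC_DST"])
    print("src MAC (sender on wire):", parsed["MAC_SRC"])
    print("EtherType:", parsed["ETHERTYPE"])
```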
More information about the redhat-list mailing list