weirdness with iptables
Wayne Pinette
Wpinette at tru.ca
Mon Aug 22 16:18:32 UTC 2005
Ok, I have a rule in my iptables which is basically this:
-A -m mac --mac-source <macaddress A> -j ACCEPT
-A -j REJECT
The idea being that if I come in from a machine with MAC address A it will
accept it. Well, this does not work.
Everything is rejected, so I added this:
-A -m mac --mac-source <macaddress A> -j LOG
-A -m mac --mac-source <macaddress A> -j ACCEPT
-A -j REJECT
and tried to ssh into the box. Nothing showed up in the log files. So
then I did this:
-A -m mac --mac-source ! <macaddress A> -j LOG
-A -m mac --mac-source <macaddress A> -j ACCEPT
-A -j REJECT
and sure enough I get stuff in the log file, but what I get is:
<machine name> kernel: IN:eth0 OUT- MAC=<macaddress of server>:<a bunch
more hex numbers> SRC=<ip number of client machine> DST = <ip number of
this machine> ...... etc
So my question is, why is the source MAC address not working, and more
importantly, any ideas as to why the source MAC address seems to always be
based off the MAC address of my actual server, not the client connecting?
Or do I have the mac-source element of iptables completely wrong?
Wayner
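Added example, not from the post or from the iptables project: the LOG target prints the Ethernet header as destination MAC, then source MAC, then EtherType, so the first six octets of the MAC= field are the receiving server's own address and the client's address is the six after it. This Python snippet, run over a constructed log line with made-up addresses, splits the field that way and applies the same source-MAC comparison that `--mac-source` performs.

```python
import re

# Constructed sample in the shape of an iptables LOG entry; the interface,
# addresses and MACs are made up and are not taken from the original post.
SAMPLE_LOG = (
    "Aug 22 09:01:02 gw kernel: IN=eth0 OUT= "
    "MAC=00:0c:29:aa:bb:cc:00:16:3e:11:22:33:08:00 "
    "SRC=192.0.2.10 DST=192.0.2.1 LEN=60 PROTO=TCP DPT=22"
)

# The MAC= field of a LOG line carries 14 colon-separated octets:
# 6 (destination MAC) + 6 (source MAC) + 2 (EtherType).
MAC_RE = re.compile(r"\bMAC=((?:[0-9a-fA-F]{2}:){13}[0-9a-fA-F]{2})")


def parse_mac_field(line):
    """Split the 14-octet MAC= field of a LOG line into its three parts.

    Returns a dict with dst_mac, src_mac and ethertype, or None when the
    line has no MAC= field (e.g. traffic logged in the OUTPUT chain).
    """
    m = MAC_RE.search(line)
    if not m:
        return None
    octets = m.group(1).lower().split(":")
    return {
        "dst_mac": ":".join(octets[0:6]),    # the receiving host's own MAC
        "src_mac": ":".join(octets[6:12]),   # the sending client's MAC
        "ethertype": "0x" + "".join(octets[12:14]),
    }


def mac_source_matches(line, allowed_mac):
    """Mimic the test `-m mac --mac-source <allowed_mac>` makes: compare the
    frame's *source* MAC, the second group in the logged field."""
    parts = parse_mac_field(line)
    if parts is None:
        return False
    return parts["src_mac"] == allowed_mac.lower()


if __name__ == "__main__":
    print(parse_mac_field(SAMPLE_LOG))
    print(mac_source_matches(SAMPLE_LOG, "00:16:3E:11:22:33"))
```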