
Filtering on MAC with iptables



    In order to give the vermin trying to break into my computer a slight
additional handicap, I want to allow ssh access only from certain places.  
That's easy with computers whose IPs are fixed, but some people with
legitimate reason to log on have computers that get various IP numbers via
DHCP.  Possible cure(?): the iptables man page claims one may filter on
the source MAC address.  But that didn't seem to work on a RH7.2 system
with iptables-1.2.5-3 and kernel-smp-2.4.9-21 rpms.  The firewall blocked
IPs whose MAC was supposed to be accepted, and even just logging all
packets from a particular MAC didn't log anything when the corresponding
machine sent packets.  Is the source MAC address normally the hardware
ethernet card address of the same card as has the source IP, or is it
something else, like the MAC address of the last router to handle the
packet on its way across the internet?  Or should such filtering work if I
weren't doing something wrong?

-- 
Steven Yellin




