From: Bart De Schuymer <bdschuym@pandora.be>
To: erwin.vandevelde@gmail.com
Cc: netfilter-devel@lists.netfilter.org, Martijn Lievaart <m@rtij.nl>
Subject: Re: MAC Filtering
Date: Wed, 05 Jan 2005 19:16:37 +0100
Message-ID: <1104948997.3377.7.camel@localhost.localdomain>
In-Reply-To: <200501051712.18817.erwin.vandevelde@gmail.com>

On Wed, 05-01-2005 at 17:12 +0100, Erwin Van de Velde wrote:
> Hi,
> 
> I don't want to bridge, I only said I have to when using ebtables. I need MAC 
> filtering without bridging... I'm fully aware of the fact that iptables works 
> on layer 3 and that MAC is layer 2, however if it can filter on source MAC 
> addresses, why can't it filter on destination MAC addresses?

You can use ebtables without using a bridge as follows:

brctl addbr br0
brctl addif br0 eth0
ifconfig eth0 0.0.0.0
ifconfig br0 $IP_OF_ETH0_SIDE
brctl addbr br1
brctl addif br1 eth1
ifconfig eth1 0.0.0.0
ifconfig br1 $IP_OF_ETH1_SIDE

Change your routing table as needed. Your router thus uses brx instead
of ethx to transmit and receive packets. ebtables will see the packets,
so you can do
ebtables -A OUTPUT -d $A_MAC_ADDRESS -j <target>

If you only need to check the destination address in one direction, e.g.
traffic leaving on eth0, you only need one bridge (in this case only
br0), with the proper routing table.

The downside is that your performance will degrade substantially,
because all traffic will be queued twice.

cheers,
Bart
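
The single-bridge variant described in the message above, as an added example that is not part of the original post: it prints the setup commands and one ebtables OUTPUT rule per destination MAC, and refuses to print anything if a MAC is malformed. The function names, the DROP target, the address 192.0.2.1 and the sample MACs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): dry-run planner for
# destination-MAC filtering on a router by wrapping one NIC in a one-port
# bridge, so that ebtables sees locally routed frames in its OUTPUT chain.
# Nothing is executed; the commands are only printed for review.

# Return 0 only for a MAC written as six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# usage: plan_mac_filter IFACE BRIDGE IP TARGET MAC...
# Validates every MAC first, so a typo never yields a half-written rule set.
plan_mac_filter() {
    [ $# -ge 5 ] || {
        echo "usage: plan_mac_filter IFACE BRIDGE IP TARGET MAC..." >&2
        return 2
    }
    iface=$1
    bridge=$2
    ip=$3
    target=$4
    shift 4
    for mac in "$@"; do
        valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    done
    # Bridge setup exactly as in the message: the IP moves from the NIC
    # to the bridge, and the routing table must then point at the bridge.
    echo "brctl addbr $bridge"
    echo "brctl addif $bridge $iface"
    echo "ifconfig $iface 0.0.0.0"
    echo "ifconfig $bridge $ip"
    # One rule per destination MAC for frames leaving through the bridge.
    for mac in "$@"; do
        echo "ebtables -A OUTPUT -d $mac -j $target"
    done
}

# Constructed sample values (documentation address, made-up MACs).
plan_mac_filter eth0 br0 192.0.2.1 DROP 00:11:22:33:44:55 aa:bb:cc:dd:ee:ff
```

Review the printed commands and adjust the routing table before running them as root; as the message notes, traffic through the bridge is queued twice.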
