From: Patrick Turley <pturley@rocksteady.com>
To: netfilter@lists.netfilter.org
Subject: Re: mac-source matching
Date: Mon, 26 Apr 2004 13:45:06 -0500	[thread overview]
Message-ID: <408D58B2.1040201@rocksteady.com> (raw)
In-Reply-To: <1083003321.408d51b9cea5e@webmail.bme.med.ualberta.ca>

Beau Sapach wrote:
> Hello everyone,
> 
> I have a system running Red Hat with kernel 2.4.26 and iptables 1.2.1a that is a 
> routing firewall.  If I use the mac-source extension to match packets from the 
> internal network (a workstation for which this system is the gateway) it works 
> fine, but it won't match packets originating from the outside world.  The rule 
> I use is this:
> 
> iptables -A FORWARD -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT
> 
> It could be me, I may be completely misunderstanding how this is supposed to 
> work.  I am by no means a guru... any help would be appreciated, thanks!

Please excuse me if I've misunderstood what you're doing, but this is 
what occurs to me first...

You say that your machine is running a firewall? That means it's 
filtering traffic arriving from the outside world, which I presume means 
that it's connected to a cable modem/DSL/T-1/etc.

MAC addresses (almost) never survive more than one hop. If a packet is 
traveling to your LAN from a server on the other side of the country, 
the MAC address of that server will never be observed at your firewall. 
In fact, it's probably the case that *ALL* the packets arriving at your 
firewall have the same source MAC address - the MAC address of the first 
router upstream from you.

So, it's certainly possible for your firewall to match incoming traffic 
by MAC address, but it is also almost certainly useless to do so.

I hope that helps.
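The mechanism Patrick describes, as an added Python model that is not part of the thread: each router re-encapsulates the IP packet in a fresh Ethernet frame, so the firewall's `--mac-source` test only ever sees the MAC of the adjacent hop. All MAC and IP addresses below are constructed, and each router is given a single MAC for brevity.

```python
from dataclasses import dataclass

@dataclass
class Frame:
    src_mac: str  # Ethernet header: rewritten by every router along the path
    dst_mac: str
    src_ip: str   # IP header: end-to-end, unchanged by plain routing
    dst_ip: str

def route_hop(frame: Frame, egress_mac: str, next_hop_mac: str) -> Frame:
    """A router strips the Ethernet header and re-encapsulates the IP packet:
    the new L2 source is the router's own egress MAC, the L2 destination is
    the next hop. The IP addresses pass through untouched."""
    return Frame(egress_mac, next_hop_mac, frame.src_ip, frame.dst_ip)

def mac_source_matches(frame: Frame, wanted: str) -> bool:
    """What `-m mac --mac-source <wanted>` tests: the L2 source of the frame
    exactly as it arrives on the firewall's interface."""
    return frame.src_mac.lower() == wanted.lower()

# Constructed addresses (hypothetical, not from the thread)
WORKSTATION_MAC = "00:11:22:33:44:55"    # LAN host, directly attached
FIREWALL_LAN_MAC = "aa:bb:cc:00:00:01"
FIREWALL_WAN_MAC = "aa:bb:cc:00:00:02"
ISP_ROUTER_MAC = "de:ad:be:ef:00:01"     # first router upstream of the firewall
CORE_ROUTER_MAC = "de:ad:be:ef:00:02"    # one MAC per router, a simplification
REMOTE_SERVER_MAC = "fe:ed:fa:ce:00:01"  # never observed beyond its own LAN

def lan_packet_at_firewall() -> Frame:
    # One hop: the workstation's own MAC is what the firewall sees.
    return Frame(WORKSTATION_MAC, FIREWALL_LAN_MAC, "192.168.1.10", "203.0.113.5")

def wan_packet_at_firewall() -> Frame:
    # Remote server -> core router -> ISP router -> firewall WAN port.
    f = Frame(REMOTE_SERVER_MAC, CORE_ROUTER_MAC, "203.0.113.5", "192.168.1.10")
    f = route_hop(f, CORE_ROUTER_MAC, ISP_ROUTER_MAC)   # L2 header rewritten
    f = route_hop(f, ISP_ROUTER_MAC, FIREWALL_WAN_MAC)  # rewritten again
    return f

if __name__ == "__main__":
    lan, wan = lan_packet_at_firewall(), wan_packet_at_firewall()
    print("LAN rule matches workstation:", mac_source_matches(lan, WORKSTATION_MAC))
    print("WAN rule matches remote server:", mac_source_matches(wan, REMOTE_SERVER_MAC))
    print("WAN frame src MAC is the ISP router:", wan.src_mac == ISP_ROUTER_MAC)
    print("IP source survived routing:", wan.src_ip)
```

For traffic from the outside, the useful selectors are the ingress interface and the IP source (`-i` and `-s`); MAC matching only identifies hosts on a directly attached segment.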

