* iptables and mac filtering
@ 2006-04-08  8:21 vlad f halilow
  2006-04-08  9:39 ` Oleg
  2006-04-08 16:14 ` Robert Nichols
  0 siblings, 2 replies; 3+ messages in thread
From: vlad f halilow @ 2006-04-08  8:21 UTC (permalink / raw)
  To: netfilter


Hi there. Please help with a strange issue. I have Debian woody with a
2.6.12 kernel + iptables 1.3.3 (unstable) under VMware Workstation. I am
trying to block connections to my PPPoE server (rp-pppoe) by the MAC address
of the client, with something like

#iptables -I INPUT -m mac --mac-source blablag -j DROP

The inserted line is shown by iptables -L -v -n but does not block any IP-less
requests from the address specified. Blocking ping or any IP protocols
succeeds, but PPPoE discovery, exchange and traffic pass the filter
without any problem and with no rule counter increment. How can I fix this?
Or what am I doing wrong?






* Re: iptables and mac filtering
  2006-04-08  8:21 iptables and mac filtering vlad f halilow
@ 2006-04-08  9:39 ` Oleg
  2006-04-08 16:14 ` Robert Nichols
  1 sibling, 0 replies; 3+ messages in thread
From: Oleg @ 2006-04-08  9:39 UTC (permalink / raw)
  To: netfilter

> The inserted line is shown by iptables -L -v -n but does not block any IP-less
> requests from the address specified. Blocking ping or any IP protocols
> succeeds, but PPPoE discovery, exchange and traffic pass the filter
> without any problem and with no rule counter increment. How can I fix this?
> Or what am I doing wrong?
IPTables is an IP filtering tool; you should look at arptables for any 3 layer
protocol MAC-filtering.

-- 
Best regards, Oleg




* Re: iptables and mac filtering
  2006-04-08  8:21 iptables and mac filtering vlad f halilow
  2006-04-08  9:39 ` Oleg
@ 2006-04-08 16:14 ` Robert Nichols
  1 sibling, 0 replies; 3+ messages in thread
From: Robert Nichols @ 2006-04-08 16:14 UTC (permalink / raw)
  To: netfilter

vlad f halilow wrote:
> 
> Hi there. Please help with a strange issue. I have Debian woody with a
> 2.6.12 kernel + iptables 1.3.3 (unstable) under VMware Workstation. I am
> trying to block connections to my PPPoE server (rp-pppoe) by the MAC address
> of the client, with something like
> 
> #iptables -I INPUT -m mac --mac-source blablag -j DROP
> 
> The inserted line is shown by iptables -L -v -n but does not block any IP-less
> requests from the address specified. Blocking ping or any IP protocols
> succeeds, but PPPoE discovery, exchange and traffic pass the filter
> without any problem and with no rule counter increment. How can I fix this?
> Or what am I doing wrong?

You said it yourself.  These are IP-less requests.  They never make
it up to the protocol levels where iptables operates.  Yes, iptables
can match on MAC addresses, but if the packet is handled entirely
at the Data Link layer (MAC sublevel), iptables will never see it.

-- 
Bob Nichols         Yes, "NOSPAM" is really part of my email address.
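
An added illustration (not part of the thread or of any poster's message): a small Python model of the point made in the replies, that an iptables `-m mac` rule is only evaluated for frames handed to the IPv4 stack. The EtherType values are the standard ones (PPPoE per RFC 2516); the MAC address, sample frames and function names are constructed for this example.

```python
import struct

# Standard EtherType values (PPPoE values per RFC 2516)
ETHERTYPES = {
    0x0800: "IPv4",
    0x0806: "ARP",
    0x8863: "PPPoE discovery",
    0x8864: "PPPoE session",
}

def parse_ethernet(frame: bytes):
    """Return (src_mac, ethertype) from a raw Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return ":".join(f"{b:02x}" for b in src), ethertype

def iptables_mac_rule_drops(frame: bytes, blocked_mac: str) -> bool:
    """Model of `iptables -I INPUT -m mac --mac-source X -j DROP`.

    The rule lives in the IPv4 stack, so it is only evaluated for frames
    whose EtherType is IPv4; any other frame never reaches it.
    """
    src, ethertype = parse_ethernet(frame)
    if ethertype != 0x0800:
        return False  # not handed to IPv4: the rule counter does not move
    return src == blocked_mac.lower()

def build_frame(src_mac: str, ethertype: int, payload: bytes = b"\x00" * 46) -> bytes:
    """Construct a sample frame (broadcast destination) for the demo."""
    src = bytes.fromhex(src_mac.replace(":", ""))
    return b"\xff" * 6 + src + struct.pack("!H", ethertype) + payload

if __name__ == "__main__":
    blocked = "00:0c:29:aa:bb:cc"  # constructed sample MAC
    for etype in (0x0800, 0x8863, 0x8864):
        frame = build_frame(blocked, etype)
        verdict = "DROP" if iptables_mac_rule_drops(frame, blocked) else "not seen by rule"
        print(f"{ETHERTYPES[etype]:16} from {blocked}: {verdict}")
```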



