From: Robert Nichols
Subject: Re: iptables and mac filtering
Date: Sat, 08 Apr 2006 11:14:44 -0500
References: <44377281.60706@ratel.ru>
In-Reply-To: <44377281.60706@ratel.ru>
To: netfilter@lists.netfilter.org

vlad f halilow wrote:
>
> Hi there. Please help with a strange issue. I have debian woody with
> 2.6.12 kernel + iptables.1.3.3. (unstable) under vmware workstation. I
> try to block connection to my PPPoE server (rp-pppoe) by mac-address of
> client. Something like
>
> #iptables -I INPUT -m mac --mac-source blablag -j DROP
>
> . The inserted line is shown by iptables -L -v -n but does not block any
> IP-less requests from the address specified. Ping and any IP protocols are
> blocked successfully, but PPPoE discovery, exchange and traffic pass the
> filter without any problem and with no rule counter increment. How can I
> fix this thing? Or what am I doing wrong?

You said it yourself. These are IP-less requests. They never make
it up to the protocol levels where iptables operates. Yes, iptables
can match on MAC addresses, but if the packet is handled entirely
at the Data Link layer (MAC sublevel), iptables will never see it.

--
Bob Nichols         Yes, "NOSPAM" is really part of my email address.
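
The behaviour described in the reply, as an added example that is not part of the original message: a simplified Python model of which Ethernet frames an INPUT rule with a MAC-source match ever gets to evaluate. The frames, MAC addresses and function names are constructed for illustration; the PPPoE EtherType values are those assigned in RFC 2516.

```python
import struct

ETH_P_IP = 0x0800        # IPv4, the only EtherType handed to the IPv4 netfilter hooks
ETH_P_8021Q = 0x8100     # VLAN tag; the real EtherType follows the 4-byte tag
ETH_P_PPP_DISC = 0x8863  # PPPoE discovery stage (RFC 2516)
ETH_P_PPP_SES = 0x8864   # PPPoE session stage (RFC 2516)

def parse_eth(frame):
    """Return (src_mac, ethertype), skipping one 802.1Q tag if present."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    src = ":".join(f"{b:02x}" for b in frame[6:12])
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype == ETH_P_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated VLAN tag")
        (etype,) = struct.unpack("!H", frame[16:18])
    return src, etype

def simulate_mac_drop(frames, blocked_mac):
    """Model '-m mac --mac-source X -j DROP'; return (rule_hits, ethertypes_never_evaluated)."""
    hits, unseen = 0, []
    for frame in frames:
        src, etype = parse_eth(frame)
        if src != blocked_mac:
            continue
        if etype == ETH_P_IP:
            hits += 1             # rule is evaluated, counter increments
        else:
            unseen.append(etype)  # frame never enters the IPv4 chains
    return hits, unseen

def make_frame(src, etype, payload=b"\x00" * 46):
    """Build a constructed broadcast frame for the demonstration."""
    dst = b"\xff" * 6
    return dst + bytes.fromhex(src.replace(":", "")) + struct.pack("!H", etype) + payload

CLIENT = "02:00:00:aa:bb:cc"  # constructed, locally administered address
SAMPLE = [
    make_frame(CLIENT, ETH_P_IP),            # e.g. a ping
    make_frame(CLIENT, ETH_P_PPP_DISC),      # e.g. a PADI
    make_frame(CLIENT, ETH_P_PPP_SES),       # PPP traffic inside a session
    make_frame("02:00:00:11:22:33", ETH_P_IP),
]

if __name__ == "__main__":
    hits, unseen = simulate_mac_drop(SAMPLE, CLIENT)
    print(f"rule hits: {hits}; never evaluated: {[hex(e) for e in unseen]}")
```

Only the IPv4 frame from the blocked address increments the rule counter; the two PPPoE frames from the same address are never evaluated, which matches the unchanged counter reported in the question.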