MAC addresses

Jason Opperisano opie at
Sun Sep 12 00:23:30 CEST 2004

On Sat, 2004-09-11 at 14:50, Darren Kirby wrote:
> Are MAC addresses unique for all ethernet cards? 

theoretically, yes.

> What I would like to know is 
> could I use this rule to allow ssh connections ONLY from my notebook no 
> matter what its current IP address happens to be, and drop all other 
> connection requests?

yes--as long as "notebook" and "ssh server" are on the same network.

keep in mind--nothing prevents "badguy" from configuring his NIC to have
the same MAC as your "notebook"

if you're worried about security of "ssh server"--disable
PasswordAuthentication and only allow RSAAuthentication and/or

stealing your IP and MAC is much more likely than someone stealing your
private key (hopefully).

you could also create a reservation for your MAC in the DHCP server, and
filter based upon your (now) fixed IP.


Jason Opperisano <opie at>

More information about the netfilter mailing list