Allowing access only some sites - only some mac address
danderson at vikus.com
Tue Aug 30 16:44:14 CEST 2005
> -----Original Message-----
> From: netfilter-bounces at lists.netfilter.org
> [mailto:netfilter-bounces at lists.netfilter.org] On Behalf Of
> Jiann-Ming Su
> Sent: Tuesday, August 30, 2005 9:50 AM
> To: netfilter at lists.netfilter.org
> Subject: Re: Allowing access only some sites - only some mac address
> On 8/29/05, Sebastião Antônio Campos (GWA)
> <sa.campos at datasulsp.com.br>
> > Dears,
> > I'd like to allow access only to some sites by some mac address.
> > For example:
> > I have a list of the mac address 00:0c:6E:11:E8:B0,
> > 00:E7:05:C9:07:EA............ and I'd like that only these mac
> > address could access only the following IP: 22.214.171.124
> > <http://126.96.36.199>,
> > 188.8.131.52 <http://184.108.40.206>,
> > 220.127.116.11 <http://18.104.22.168>, 22.214.171.124
> > <http://126.96.36.199>,
> > 188.8.131.52 <http://184.108.40.206>,
> > But the other
> > mac address could access everything.
> IIRC, MAC addresses (layer 2) do not go beyond the router
> (layer 3). I think you can only do what you are proposing if
> all your boxes are behind the same broadcast domain.
> Jiann-Ming Su
> "I have to decide between two equally frightening options.
> If I wanted to do that, I'd vote." --Duckman
That is correct. When a packet passes through a router, it comes out the other side with the router's MAC, not the original computer's MAC. I imagine there's an RFC that goes along with this but I discovered it using MAC filtering on an iptables firewall about a year ago.
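The restriction asked about in this thread, as an added example that is not part of the original messages: a shell function that emits iptables rules using the `mac` match, so the listed MACs reach only the listed destinations while other MACs fall through to the existing FORWARD rules. The chain name `MACLIMIT` is hypothetical and the destination addresses are constructed placeholders from the 192.0.2.0/24 documentation range; the two MAC addresses are the ones quoted in the question.

```shell
#!/bin/sh
# Added example: print (not execute) iptables commands for per-MAC restriction.
RESTRICTED_MACS="00:0c:6E:11:E8:B0 00:E7:05:C9:07:EA"  # MACs quoted in the thread
ALLOWED_DSTS="192.0.2.10 192.0.2.20 192.0.2.30"        # constructed placeholders
CHAIN="MACLIMIT"                                        # hypothetical chain name

# Accept only six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Accept only dotted-quad syntax (format check, no range check).
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# gen_rules "<mac list>" "<destination list>"
# Validates every value first, so a typo never yields a partial rule set.
gen_rules() {
    macs=$1
    dsts=$2
    for m in $macs; do
        valid_mac "$m" || { echo "bad MAC: $m" >&2; return 1; }
    done
    for d in $dsts; do
        valid_ipv4 "$d" || { echo "bad IP: $d" >&2; return 1; }
    done

    # Dedicated chain: allowed destinations first, then drop everything else.
    echo "iptables -N $CHAIN"
    for d in $dsts; do
        echo "iptables -A $CHAIN -d $d -j ACCEPT"
    done
    echo "iptables -A $CHAIN -j DROP"

    # Insert the jumps at the top of FORWARD so they are evaluated before
    # any broader ACCEPT rule. Unlisted MACs never enter the chain.
    for m in $macs; do
        echo "iptables -I FORWARD -m mac --mac-source $m -j $CHAIN"
    done
}

# Review the output, then pipe it to a root shell to apply.
gen_rules "$RESTRICTED_MACS" "$ALLOWED_DSTS"
```

As the replies point out, the `mac` match sees the source MAC of the last layer 2 hop, so these rules only work on a firewall in the same broadcast domain as the clients.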