firewall ignore the rule

Jason Opperisano opie at 817west.com
Thu Jul 14 04:01:55 CEST 2005


On Thu, Jul 14, 2005 at 09:55:23AM +0800, liyas_m m wrote:
> I have done that and checked with ethereal..still that source address
> is not blocked. It is still broadcasting ARP packets..a lot.

iptables/netfilter operates at layer 3.  therefore, packets generated or
received at layer 2 cannot be blocked with iptables/netfilter.
ethereal/iptraf operate at the BPF layer (layer 2), and arp packets are
layer 2 as well.

iptables/netfilter is not at fault; you have an invalid testing
methodology.

-j

--
"Peter: Brian, there's a message in my Alpha Bits. It says "OOOOOO".
 Brian: Peter, those are Cheerios."
        --Family Guy
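To make the layer distinction concrete, here is an added example (not part of the original thread, and not netfilter's own code) that builds two constructed frames from the same host, one ARP request and one IPv4 packet, parses the Ethernet header the way a sniffer such as ethereal would, and models an iptables `-s <addr> -j DROP` rule as a check that only ever looks at the IPv4 header. The MAC and IP addresses are made up for the demonstration; the ARP frame carries no IP header, so the modelled layer-3 rule cannot match it no matter what source address it names.

```python
import struct

# EtherType values from the Ethernet II header (real constants).
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806


def ip_to_bytes(dotted: str) -> bytes:
    return bytes(int(octet) for octet in dotted.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_frame(frame: bytes) -> dict:
    """Decode an Ethernet II frame as a layer-2 sniffer sees it.

    Returns the layer-2 fields for every frame, plus IP source/destination
    only when the payload is IPv4, or ARP sender/target only when it is ARP.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"eth_src": src.hex(":"), "eth_dst": dst.hex(":"), "ethertype": ethertype}
    payload = frame[14:]
    if ethertype == ETHERTYPE_IPV4 and len(payload) >= 20:
        # IPv4 header: source address at bytes 12..16, destination at 16..20.
        info["ip_src"] = bytes_to_ip(payload[12:16])
        info["ip_dst"] = bytes_to_ip(payload[16:20])
    elif ethertype == ETHERTYPE_ARP and len(payload) >= 28:
        # ARP body: htype(2) ptype(2) hlen(1) plen(1) op(2) sha(6) spa(4) tha(6) tpa(4)
        (op,) = struct.unpack("!H", payload[6:8])
        info["arp_op"] = {1: "request", 2: "reply"}.get(op, str(op))
        info["arp_spa"] = bytes_to_ip(payload[14:18])
        info["arp_tpa"] = bytes_to_ip(payload[24:28])
    return info


def l3_filter_would_match(frame: bytes, blocked_src: str) -> bool:
    """Model of an iptables rule `-s blocked_src -j DROP`.

    Netfilter's IP tables only ever consult the IP header, so a frame with
    no IP header (such as ARP) can never match, whatever address it carries.
    """
    return parse_frame(frame).get("ip_src") == blocked_src


def build_arp_request(sender_mac: bytes, sender_ip: str, target_ip: str) -> bytes:
    """Constructed ARP 'who-has' request, broadcast to ff:ff:ff:ff:ff:ff."""
    eth = b"\xff" * 6 + sender_mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = (
        struct.pack("!HHBBH", 1, ETHERTYPE_IPV4, 6, 4, 1)  # Ethernet, IPv4, op=request
        + sender_mac + ip_to_bytes(sender_ip)
        + bytes(6) + ip_to_bytes(target_ip)
    )
    return eth + arp


def build_ipv4_frame(src_mac: bytes, dst_mac: bytes, src_ip: str, dst_ip: str) -> bytes:
    """Constructed Ethernet frame carrying a minimal 20-byte IPv4 header (checksum left 0)."""
    eth = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                     ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    return eth + ip


# Constructed sample traffic from one noisy host (hypothetical addresses).
NOISY_MAC = bytes.fromhex("aabbccddee01")
GATEWAY_MAC = bytes.fromhex("aabbccddee02")
NOISY_IP = "192.168.1.50"

ARP_FRAME = build_arp_request(NOISY_MAC, NOISY_IP, "192.168.1.1")
IPV4_FRAME = build_ipv4_frame(NOISY_MAC, GATEWAY_MAC, NOISY_IP, "192.168.1.1")


if __name__ == "__main__":
    for name, frame in (("ARP", ARP_FRAME), ("IPv4", IPV4_FRAME)):
        print(name, parse_frame(frame),
              "-> dropped by iptables -s rule:", l3_filter_would_match(frame, NOISY_IP))
```

Run it and the sniffer view shows both frames from the same host, while the modelled rule drops only the IPv4 one. That is exactly what the poster observed: the `-s` rule is working, but ARP never reaches the IP tables. Filtering ARP itself needs a hook below IP (arptables, ebtables, or an nftables table in the `arp` family), not an iptables rule.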


