iptables mac destination filtering
yuzg at nanjing-fnst.com
Thu Apr 28 12:03:52 CEST 2005
For simply, this is because netfilter is working on IP layer.
----- Original Message -----
> I suppose it is because you do NOT know the destination MAC address. The
> dest MAC address is found out first when the packets get out of iptables and
> go to the NIC. Besides - you cannot find out the MAC address of the host
> that is reachable over i.e. 3 hops. Recall the OSI layer system and it
> should be clear.
> I think I am not wrong here. If so, please correct me.
> Edvin Seferovic
> -----Original Message-----
> From: netfilter-bounces at lists.netfilter.org
> [mailto:netfilter-bounces at lists.netfilter.org] On Behalf Of Thomas Turquois
> Sent: Donnerstag, 28. April 2005 11:40
> To: netfilter at lists.netfilter.org
> Subject: iptables mac destination filtering
> I would like to know why it's not possible to filter on mac destination
> address with iptables.
More information about the netfilter