iptables mac destination filtering

Yu Zhiguo yuzg at nanjing-fnst.com
Thu Apr 28 12:03:52 CEST 2005


Hello,

    For simply, this is because netfilter is working on IP layer.


----- Original Message ----- 

> Hi,
> 
> I suppose it is because you do NOT know the destination MAC address. The
> dest MAC address is found out first when the packets get out of iptables and
> go to the NIC. Besides - you cannot find out the MAC address of the host
> that is reachable over i.e. 3 hops. Recall the OSI layer system and it
> should be clear. 
> 
> I think I am not wrong here. If so, please correct me.
> 
> Regards,
> 
> Edvin Seferovic
> 
> -----Original Message-----
> From: netfilter-bounces at lists.netfilter.org
> [mailto:netfilter-bounces at lists.netfilter.org] On Behalf Of Thomas Turquois
> Sent: Donnerstag, 28. April 2005 11:40
> To: netfilter at lists.netfilter.org
> Subject: iptables mac destination filtering
> 
> Hi,
> 
> I would like to know why it's not possible to filter on mac destination
> address with iptables.
> 
> Thanks.
> 
> 
> 


More information about the netfilter mailing list