iptables mac destination filtering

Seferovic Edvin edvin.seferovic at kolp.at
Thu Apr 28 12:14:21 CEST 2005


That is also what I wanted to say ;) Although netfilter is working on the IP
layer, packets that come in contain the source MAC address of the sender,
so that is why, for example, the source MAC filtering works... right?


Edvin Seferovic

-----Original Message-----
From: Yu Zhiguo [mailto:yuzg at nanjing-fnst.com] 
Sent: Thursday, 28 April 2005 12:04
To: edvin.seferovic at kolp.at; netfilter at lists.netfilter.org
Subject: Re: iptables mac destination filtering


    Simply put, this is because netfilter is working on the IP layer.

----- Original Message ----- 

> Hi,
> I suppose it is because you do NOT know the destination MAC address. The
> dest MAC address is first found out when the packets get out of iptables
> and go to the NIC. Besides - you cannot find out the MAC address of the host
> that is reachable over e.g. 3 hops. Recall the OSI layer system and it
> should be clear.
> I think I am not wrong here. If so, please correct me.
> Regards,
> Edvin Seferovic
> -----Original Message-----
> From: netfilter-bounces at lists.netfilter.org
> [mailto:netfilter-bounces at lists.netfilter.org] On Behalf Of Thomas
> Sent: Thursday, 28 April 2005 11:40
> To: netfilter at lists.netfilter.org
> Subject: iptables mac destination filtering
> Hi,
> I would like to know why it's not possible to filter on mac destination
> address with iptables.
> Thanks.
