iptables mac destination filtering

Yu Zhiguo yuzg at nanjing-fnst.com
Thu Apr 28 12:27:57 CEST 2005


Hello,

    I think so ;)

----- Original Message ----- 



> Hi,
> 
> that is also what I wanted to say ;) Although netfilter is working on IP
> layer, packages that come in, contain the source MAC address of the sender
> so that is why for example the source MAC filtering works... right?
> 
> Regards,
> 
> Edvin Seferovic
> 
> -----Original Message-----
> From: Yu Zhiguo [mailto:yuzg at nanjing-fnst.com] 
> Sent: Donnerstag, 28. April 2005 12:04
> To: edvin.seferovic at kolp.at; netfilter at lists.netfilter.org
> Subject: Re: iptables mac destination filtering
> 
> Hello,
> 
>     For simply, this is because netfilter is working on IP layer.
> 
> 
> ----- Original Message ----- 
> 
> > Hi,
> > 
> > I suppose it is because you do NOT know the destination MAC address. The
> > dest MAC address is found out first when the packets get out of iptables
> and
> > go to the NIC. Besides - you cannot find out the MAC address of the host
> > that is reachable over i.e. 3 hops. Recall the OSI layer system and it
> > should be clear. 
> > 
> > I think I am not wrong here. If so, please correct me.
> > 
> > Regards,
> > 
> > Edvin Seferovic
> > 
> > -----Original Message-----
> > From: netfilter-bounces at lists.netfilter.org
> > [mailto:netfilter-bounces at lists.netfilter.org] On Behalf Of Thomas
> Turquois
> > Sent: Donnerstag, 28. April 2005 11:40
> > To: netfilter at lists.netfilter.org
> > Subject: iptables mac destination filtering
> > 
> > Hi,
> > 
> > I would like to know why it's not possible to filter on mac destination
> > address with iptables.
> > 
> > Thanks.
> > 
> > 
> > 
> 


More information about the netfilter mailing list