iptables mac destination filtering
George Alexandru Dragoi
waruiinu at gmail.com
Sat Apr 30 09:18:08 CEST 2005
Use arptables for that, like
arptables -A INPUT --src-mac <mac> --opcode 1 -j DROP
arptables -A OUTPUT --dst-mac <mac> --opcode 1 -j DROP
This way that mac won't know your mac address and won't be able to
communicate with you. But for a "very" good enough firewall, it is not
necessary to filter destination mac; source mac is enough. arptables is
good to stop somebody from DDOSing you (if he is in the same L2 as you).
On 4/28/05, Tobias DiPasquale <codeslinger at gmail.com> wrote:
> On 4/28/05, Michael Tautschnig <michael.tautschnig at zt-consulting.com> wrote:
> > Could you please explain, why one would do that? IMHO the only possible use is
> > an interface in promiscuous mode.
> Not really. I know of a project that wanted this functionality in
> order to be able to determine if the next hop was terminal, and if so,
> do some IDS scanning on it. This was in the context of AODV-assembled
> wireless LANs.
> [ Tobias DiPasquale ]