Firewall Wizards mailing list archives
Re: MAC ADDRESS FILTER
From: William Stearns <wstearns () pobox com>
Date: Sat, 28 Oct 2000 18:20:46 -0400 (EDT)
Good day, Tiago,

On Sat, 28 Oct 2000, Tiago de Castro Nogueira wrote:

> I work in Sao Paulo, Brazil, in an ISP, and in our site we have a Linux Server (Conectiva Linux - a Brazilian version of Red Hat Linux). We need to limit the packet input in this Server based on the source MAC Address of the packet. Unfortunately, we have no way to filter the packets based on the source IP Address :(. We need a MAC Address filter, where only the MACs in an Access List can access the services on this Linux server. Is there a Linux feature, or a software, or anyone that knows the Linux Kernel and can give us some tips on how to develop that kind of filter?

You're in luck! The firewall code (iptables) included in the Linux 2.3 and 2.4 kernel series includes the ability to filter on source MAC address. It's just another test like the source/dest ip/port, etc. tests. To use it you'll need to use the Linux 2.4 kernel series (which you'll need to compile yourself; see ftp.kernel.org) and the iptables program (included in Conectiva Linux 5.1).

The 2.4 kernels are not considered ready for final release, but I've been pleasantly surprised with their performance and general stability. I've also been really happy with the fact that iptables is now stateful; the firewalls you create with it can be _much_ simpler and simultaneously _more_ secure.

More information on iptables can be found at the Netfilter mirrors (Netfilter is the low level framework that supports iptables). Mirrors are at http://www.samba.org/netfilter (although this one seems to be unavailable at the moment) and http://netfilter.kernelnotes.org . There's a mailing list for questions and a HOWTO that will give you an overview of the project.

Best of luck!

Cheers,
- Bill

---------------------------------------------------------------------------
The thing that I suspect matters most is that Telsa is more important to me than sitting in front of a computer reading email.
- Alan Cox
--------------------------------------------------------------------------
William Stearns (wstearns () pobox com). Mason, Buildkernel, named2hosts, and ipfwadm2ipchains are at: http://www.pobox.com/~wstearns
LinuxMonth; articles for Linux Enthusiasts! http://www.linuxmonth.com
--------------------------------------------------------------------------
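
The source-MAC test described in the reply above, as an added example that is not part of the original post: a shell function that turns an allowlist into an iptables-restore ruleset using the `mac` match (`--mac-source`) together with the stateful match. The function names, the sample addresses and the default-drop policy are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that accepts inbound
# traffic only from allowlisted source MAC addresses. Nothing is applied.

# is_mac ADDR: succeed only for six colon-separated hex octets.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_mac_rules: read one MAC per line on stdin ('#' comments and blank
# lines allowed) and print the ruleset on stdout. Returns 1 on a malformed
# entry, so a typo cannot silently yield a partial allowlist.
gen_mac_rules() {
    rules=""
    while IFS= read -r line || [ -n "$line" ]; do
        mac=$(printf '%s' "$line" | sed 's/#.*//' | tr -d ' \t\r')
        if [ -z "$mac" ]; then continue; fi
        if ! is_mac "$mac"; then
            echo "invalid MAC address: $mac" >&2
            return 1
        fi
        mac=$(printf '%s' "$mac" | tr 'a-f' 'A-F')
        rules="${rules}-A INPUT -m mac --mac-source ${mac} -j ACCEPT
"
    done
    # Assumed policy: drop inbound by default, allow loopback and replies
    # to connections this server opened, then the allowlisted MACs.
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    printf '%s' "$rules"
    printf '%s\n' 'COMMIT'
}

# Constructed sample allowlist (not real hosts).
SAMPLE_ALLOWLIST='# constructed sample entries
00:11:22:aa:bb:cc   # workstation A
02:00:00:00:00:01'

# Print the ruleset for the sample allowlist.
printf '%s\n' "$SAMPLE_ALLOWLIST" | gen_mac_rules
```

Review the printed ruleset before loading it with `iptables-restore`. The `mac` match sees only the source address of the last Ethernet hop, and a sender can set that address itself, so the rule identifies hosts on the local segment but does not authenticate them.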