Home page logo

firewall-wizards logo Firewall Wizards mailing list archives

From: William Stearns <wstearns () pobox com>
Date: Sat, 28 Oct 2000 18:20:46 -0400 (EDT)

Good day, Tiago,

On Sat, 28 Oct 2000, Tiago de Castro Nogueira wrote:

I work in Sao Paulo, Brazil, in a ISP, and in our site we have a Linux
Server (Conectiva Linux - A Brazilian version of Red Hat Linux). We need
to limit the packet input in this Server based on the source MAC Address
of the packet. Unfortunately, we have no way to filter the packets based
in the source IP Address :(. We need a MAC Address filter, where only
the MAC's in a Access List can access the services on this Linux server.
Is there a Linux feature, or a software, or anyone that knows the Linux
Kernel and can give us some tips on how to develop that kind of filter?

        You're in luck!
        The firewall code (iptables) include in the linux 2.3 and 2.4
kernel series includes the ability to filter on source MAC address.  It's
just another test like the source/dest ip/port, etc. tests.
        To use it you'll need to use the linux 2.4 kernel series (which
you'll need to compile yourself; see ftp.kernel.org) and the iptables
program (included in Connectiva Linux 5.1).  The 2.4 kernels are not
considered ready for final release, but I've been pleasantly surprised
with their performance and general stability.  I've also been really happy
with the fact that iptables is now stateful; the firewalls you create with
it can be _much_ simpler and simultaneously _more_ secure.
        More information on iptables can be found at the Netfilter mirrors
(Netfilter is the low level framework that supports iptables).  Mirrors
are at http://www.samba.org/netfilter (although this one seems to be
unavailable at the moment) and http://netfilter.kernelnotes.org .  
There's a mailing list for questions and a HOWTO that will give you an
overview of the project.
        Best of luck!
        - Bill

        The thing that I suspect matters most is that Telsa is more 
important to me than sitting in front of a computer reading email. 
        - Alan Cox
William Stearns (wstearns () pobox com).  Mason, Buildkernel, named2hosts, 
and ipfwadm2ipchains are at:                http://www.pobox.com/~wstearns
LinuxMonth; articles for Linux Enthusiasts! http://www.linuxmonth.com

firewall-wizards mailing list
firewall-wizards () nfr com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]