* [Thu, May 16, 2013 at 04:28:04PM -0700] Ryan Hiebert:
I also thought of a 3, but I'm not sure if it's reasonable or possible:
3. Get iptables or similar to log unknown mac/ip pairs that it sees.

Maybe you can use arptables for this. But I would go for the easiest path: just log any NEW (allowed) forwarded connection.

-A FORWARD -i ${if_in} -m state --state NEW -j LOG

(or -m conntrack --ctstate NEW), then postprocess the logs when needed, or use -j ULOG|NFLOG for fancy things. This way you have the (MAC) originator for every "established" connection.

Ciao,
Gian Piero.
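
One way to do the postprocessing step mentioned above, as an added example that is not part of the original message: it reads LOG-target lines, takes the source MAC from the MAC= field (destination MAC, source MAC, EtherType) and reports MAC/IP pairs missing from an inventory. The inventory, addresses and log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Hypothetical inventory of expected source MAC -> IP assignments.
KNOWN = {
    "52:54:00:aa:bb:01": "192.168.1.10",
    "52:54:00:aa:bb:02": "192.168.1.11",
}

# Constructed, abbreviated kernel log lines in the shape the LOG target writes.
GW = "00:16:3e:00:00:01"  # constructed MAC of the firewall's inside interface
SAMPLE_LOG = f"""\
May 17 08:46:01 gw kernel: IN=eth1 OUT=eth0 MAC={GW}:52:54:00:aa:bb:01:08:00 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=40000 DPT=443 SYN
May 17 08:46:02 gw kernel: IN=eth1 OUT=eth0 MAC={GW}:52:54:00:aa:bb:02:08:00 SRC=192.168.1.11 DST=203.0.113.5 PROTO=TCP SPT=40001 DPT=80 SYN
May 17 08:46:03 gw kernel: IN=eth1 OUT=eth0 MAC={GW}:52:54:00:aa:bb:99:08:00 SRC=192.168.1.10 DST=198.51.100.7 PROTO=TCP SPT=40002 DPT=22 SYN
May 17 08:46:04 gw kernel: IN=eth1 OUT=eth0 MAC={GW}:52:54:00:aa:bb:99:08:00 SRC=192.168.1.10 DST=198.51.100.7 PROTO=TCP SPT=40003 DPT=25 SYN
May 17 08:46:05 gw kernel: IN=eth1 OUT=eth0 MAC={GW}:52:54:00:aa:bb:02:08:00 SRC=192.168.1.50 DST=203.0.113.5 PROTO=UDP SPT=5353 DPT=53
May 17 08:46:06 gw kernel: IN=tun0 OUT=eth0 MAC= SRC=10.8.0.2 DST=203.0.113.5 PROTO=TCP SPT=40004 DPT=443 SYN
"""

FIELD = re.compile(r"\b(MAC|SRC)=(\S+)")


def parse_line(line):
    """Return (source_mac, source_ip), or None if the line carries no usable pair."""
    fields = dict(FIELD.findall(line))
    octets = fields.get("MAC", "").split(":")
    # Ethernet header as logged: 6 bytes destination, 6 bytes source, 2 bytes EtherType.
    if len(octets) != 14 or "SRC" not in fields:
        return None  # e.g. non-Ethernet input interface, where MAC= is empty
    return ":".join(octets[6:12]).lower(), fields["SRC"]


def unknown_pairs(log_text, known):
    """Count logged NEW connections whose MAC/IP pair is not in the inventory."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        pair = parse_line(line)
        if pair and known.get(pair[0]) != pair[1]:
            hits[pair] += 1
    return dict(hits)


if __name__ == "__main__":
    for (mac, ip), count in sorted(unknown_pairs(SAMPLE_LOG, KNOWN).items()):
        print(f"{mac} {ip} seen {count} time(s)")
```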

