> > furthermore, iptables is capable to filter ethernet frames and
> > packets thru the combination of mac and ip address.. for example
> > allow this packet if the source ip address and the source mac
> > address are equal to your value otherwise drop it...
>
to block traffic destined to your proxy on port 3128, source ip 192.168.1.2
and mac addr of aa:bb:cc:dd:ee:ff, you can block that in iptables at the
prerouting chain:

  iptables -A PREROUTING -t mangle -m mac --mac-source \
    aa:bb:cc:dd:ee:ff -s 192.168.1.2 -p tcp --dport 3128 -j DROP

or to bind the ip 192.168.1.3 to aa:bb:cc:dd:ee:xx:

  iptables -A PREROUTING -t mangle -m mac --mac-source ! \
    aa:bb:cc:dd:ee:xx -s 192.168.1.3 -j DROP

but then, like others have just said, mac can be easily spoofed..

gudluck.

--
Edelbert S. Mania
CISP/NOC
--
Philippine Linux Users' Group (PLUG) Mailing List
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
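
The IP-to-MAC binding rule from the message above, generalised to a table of bindings, as an added example that is not part of the original post. The function names and the sample table are constructed for illustration; the script only prints rules, validates each entry first, and uses the `! --mac-source` ordering.

```shell
#!/bin/sh
# Emit (not apply) one DROP rule per IP-to-MAC binding read from stdin.
# Input lines: "<ipv4> <mac>"; blank lines and '#' comments are skipped.

valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Rules go to stdout, rejected lines to stderr. Returns 1 if any line was
# rejected, so a table with a typo is never loaded half-complete.
bind_rules() {
    rc=0
    while read -r ip mac rest; do
        case $ip in ''|'#'*) continue ;; esac
        if [ -n "$rest" ] || ! valid_ip "$ip" || ! valid_mac "$mac"; then
            echo "rejected: $ip $mac $rest" >&2
            rc=1
            continue
        fi
        # Drop anything that claims this IP from any other MAC. Current
        # iptables prefers the '!' before --mac-source.
        echo "iptables -t mangle -A PREROUTING -s $ip -m mac ! --mac-source $mac -j DROP"
    done
    return $rc
}

# Constructed sample table; the last entry keeps the placeholder MAC from
# the message above and is rejected because "xx" is not hex.
sample_bindings() {
    cat <<'EOF'
# ip          mac
192.168.1.2   aa:bb:cc:dd:ee:ff
192.168.1.10  00:16:3e:12:34:56
192.168.1.3   aa:bb:cc:dd:ee:xx
EOF
}

sample_bindings | bind_rules || echo "fix rejected lines before loading" >&2
```

Review the printed rules before loading them; as the message notes, a spoofed MAC still passes this check.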
