On Sat, Aug 17, 2002 at 12:26:28AM -0400, Jefferson Ogata wrote: > >>Caveat: I am not advocating MAC filtering in IP Filter. But there's more > >>to it than you are allowing here... > > > > > >The UNIX idea: Small tools each doing a small number of tasks (preferably > >one) well. Also leads to less bugs due to small amounts of code per tool. > > > >Things like IP-Tables which do everything under the sun (and then some) are > >just too large a lump of code. > > Thank you for your opinion, Doctor. Hmm.. Wasn't meant to be spiteful. I was actually agreeing with you... (Try re-reading it without being guarded.)
> >>Crist J. Clark wrote: > >If you want to do MAC address filtering, try using the right tool: > >http://www.bsdshell.net/hut_ethfw.html > > You don't rede too gude do you, Doctor? Like I said, I am not advocating > MAC filtering in IP Filter. Neither am I. > Anyway, the tool you point is specific to FreeBSD, and doesn't even address > the scenarios I cited, which you have conveniently snipped. ethfw, assuming > it even works, is ethernet-only. It doesn't appear to know anything about > IP. The scenarios I cited were ones where you need to verify that > particular IPs are associated with particular MAC addresses. You can't do > that with plain MAC filtering; you need to conjoin it with IP. ethfw is a too specifically for doing MAC filtering. I was adressing that concern. Mis-read the wish to link MAC address to IP. For that, I apologize. Paul
