At 08:38 AM 10/30/02 -0800, Tom Eastep wrote:
[...]
> Actually, iptables DOES support filtering by source MAC address and in Shorewall 1.3.10 (Beta available now), it is possible to do exactly what Sanyarin is asking for.

Ah, I missed that. So you'd do a series of forward-chain rules something like the prototype below (combined with a policy or a final rule that DENYs everything not listed)?
iptables -I FORWARD 1 -m mac --mac-source 12:34:56:78:9A:BC -s a.b.c.d -i eth1 -j ACCEPT
Is that about the right idea? (For a scripted equivalent that gets the list of MAC/IP pairs from a table, of course, not literally a file full of these rules.)
--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski -- Han Solo
Palo Alto, California, USA [EMAIL PROTECTED]
-------------------------------------------------------------------------------
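The scripted equivalent asked about above, as an added example that is not part of the original message or of Shorewall: it reads MAC/IP pairs from a table and prints one ACCEPT rule per pair plus a final DROP for the interface, using iptables' `-m mac --mac-source` match. The table format, the function names and the sample addresses are assumptions made for illustration; `eth1` is taken from the prototype rule.

```sh
#!/bin/sh
# Added example: build FORWARD rules from a table of "MAC IP" pairs.
# Prints the iptables commands for review instead of running them.
IFACE="${IFACE:-eth1}"   # internal interface, as in the prototype rule

# Succeeds only for a well-formed colon-separated MAC address.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Succeeds only for a dotted-quad IPv4 address with each octet <= 255.
valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the validated address into its octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Reads "MAC IP" lines on stdin ('#' comments and blank lines allowed).
# Any malformed line aborts with no rules printed, so a damaged table
# never yields a partial allow-list.
gen_rules() {
    rules=""; lineno=0
    while read -r mac ip rest || [ -n "$mac" ]; do
        lineno=$((lineno + 1))
        case "$mac" in ''|'#'*) continue ;; esac
        if [ -n "$rest" ] || ! valid_mac "$mac" || ! valid_ip "$ip"; then
            echo "line $lineno: bad entry, no rules generated" >&2
            return 1
        fi
        rules="${rules}iptables -A FORWARD -i $IFACE -m mac --mac-source $mac -s $ip -j ACCEPT
"
    done
    printf '%s' "$rules"
    echo "iptables -A FORWARD -i $IFACE -j DROP"   # everything not listed
}

# Constructed sample table (documentation addresses, made-up MACs).
sample_table() {
    cat <<'EOF'
# MAC               IP
12:34:56:78:9A:BC   192.0.2.10
00:11:22:33:44:55   192.0.2.11
EOF
}

sample_table | gen_rules
```

A source MAC is supplied by the sender and can be forged by any host on the same segment, so this pairing limits forwarding to known MAC/IP combinations without authenticating the client behind them.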
