Hi,
> You will see... I have a problem because I would like to filter
> packets sent by a concrete MAC address. Well, if I use iptables a
> ping sent by this MAC is filtered but the ping6 isn't. By the way, I
> have installed iptables-ipv6 package... but ip6tables looks as if it
> didn't allow options to filter a MAC.
> How could I filter all IPv6 packets from a concrete MAC address?
hoi:~# arp balu
Address                 HWtype  HWaddress
balu.sch.bme.hu         ether   08:00:20:85:9D:F4
hoi:~# ip6tables -A INPUT -m mac --mac-source 08:00:20:85:9D:F4
hoi:~# ip6tables -L -n -v
Chain INPUT (policy ACCEPT 6 packets, 496 bytes)
 pkts bytes target     prot opt in     out     source               destination
    6   496            all      *      *       ::/0                 ::/0               MAC 08:00:20:85:9D:F4
The MAC address match works the same way as in IPv4.
Btw, I've got some questions!
Are You using a native IPv6 backbone, as I am? Or
are You using a tunnel to connect to the network?
In the tunnel case:
What do You want to filter/match?
A packet from a virtual interface - it hasn't got a MAC address!
A packet which contains an encapsulated IPv6 packet:
this is an IPv4 packet, with protocol id 41 (and it has a MAC address)
You can match it like this (example):
iptables -A INPUT -p 41 -m mac --mac-source 08:00:20:85:9D:F4
The MAC address will be Your router's MAC.
Regards,
kisza
--
Andras Kis-Szabo Security Development, Design and Audit
-------------------------/ Zorp, NetFilter and IPv6
[EMAIL PROTECTED] /---------------------------------------------->
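
Added example, not part of the original message: Python that parses a raw Ethernet frame and reports which tool's "-m mac" rule sees it (ip6tables for native IPv6, iptables for IPv4 protocol 41) and which source MAC that rule compares. The function and helper names are hypothetical, and the sample frames, the router MAC 02:00:00:00:00:FE and the documentation-range IP addresses are constructed.

```python
import ipaddress
import struct

ETH_IPV4, ETH_IPV6, PROTO_IPV6 = 0x0800, 0x86DD, 41

def classify(frame: bytes):
    """Return (tool, source_mac, inner_ipv6_source) for one raw Ethernet frame.
    tool is the command whose '-m mac' rule sees the frame; inner_ipv6_source
    is set only for 6in4 packets (IPv4 protocol 41 carrying IPv6).
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    src_mac = ":".join(f"{b:02X}" for b in frame[6:12])
    ethertype = struct.unpack("!H", frame[12:14])[0]
    ip = frame[14:]
    if ethertype == ETH_IPV6:
        return ("ip6tables", src_mac, None)
    if ethertype != ETH_IPV4 or len(ip) < 20:
        return (None, src_mac, None)
    inner = ip[(ip[0] & 0x0F) * 4:]  # skip the IPv4 header (IHL is in 32-bit words)
    if ip[9] == PROTO_IPV6 and len(inner) >= 40 and inner[0] >> 4 == 6:
        # The frame's MAC belongs to the last Ethernet hop (the router),
        # not to the host that originated the inner IPv6 packet.
        return ("iptables", src_mac, str(ipaddress.IPv6Address(inner[8:24])))
    return ("iptables", src_mac, None)

# --- Constructed sample frames (hypothetical addresses, not captured traffic) ---
def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def ipv6_header(src, dst):
    # Version 6, empty payload, next header 59 (no next header), hop limit 64
    return (struct.pack("!IHBB", 6 << 28, 0, 59, 64)
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed)

def ipv4_header(proto, src, dst, payload_len):
    # Checksum left at 0: this parser does not validate it
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

LOCAL, HOST, ROUTER = mac("02:00:00:00:00:01"), mac("08:00:20:85:9D:F4"), mac("02:00:00:00:00:FE")
V6 = ipv6_header("2001:db8::10", "2001:db8::1")
NATIVE = LOCAL + HOST + struct.pack("!H", ETH_IPV6) + V6
TUNNEL = (LOCAL + ROUTER + struct.pack("!H", ETH_IPV4)
          + ipv4_header(PROTO_IPV6, "192.0.2.10", "192.0.2.1", len(V6)) + V6)

if __name__ == "__main__":
    print(classify(NATIVE))
    print(classify(TUNNEL))
```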