On Tue, 2010-04-27 at 07:58 +0100, Dr Andrew C Aitchison wrote:
> [ Don't forget that anyone with admin rights on a machine can change the mac
> address - see eg http://www.topbits.com/how-to-change-a-mac-address.html
> ]
>
> iptables has options to allow packets based on the source mac address
> but, as I said, if the packet has been through a router since it left the
> machine you wish to control then the address in the packet will not
> belong to the machine you are interested in.

Another option is to restrict by netmask and to hard-code all the MAC addresses in /etc/ethers, including dummy entries for any unused IP addresses. If you want real security buy a network access control device, $$.

John
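
An added example, not part of the original message: one way to generate the /etc/ethers contents described above, with a real MAC for each known machine and a dummy entry for every unused host address in the subnet. The function names, the dummy MAC value and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")
# Assumption: a locally administered unicast address that no real NIC on the LAN uses.
DUMMY_MAC = "02:00:00:00:00:01"


def normalise_mac(mac):
    """Lower-case, colon-separated; reject malformed and multicast addresses."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"malformed MAC: {mac!r}")
    if int(mac[:2], 16) & 1:  # lowest bit of first octet set = group address
        raise ValueError(f"multicast/broadcast MAC not valid for a host: {mac}")
    return mac


def build_ethers(network, known, dummy_mac=DUMMY_MAC):
    """Return /etc/ethers lines ("MAC IP") for every host address in network.

    known maps IP string -> MAC for the real machines; every other host
    address is pinned to dummy_mac so no unused IP is left without an entry.
    """
    net = ipaddress.ip_network(network)
    pinned = {}
    for ip, mac in known.items():
        addr = ipaddress.ip_address(ip)
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            raise ValueError(f"{ip} is not a host address in {net}")
        pinned[addr] = normalise_mac(mac)
    dummy = normalise_mac(dummy_mac)
    return [f"{pinned.get(h, dummy)} {h}" for h in net.hosts()]


if __name__ == "__main__":
    # Constructed sample: a /29 from the documentation range with two real machines.
    sample = {"192.0.2.1": "00-16-3E-12-34-56", "192.0.2.2": "00:16:3e:ab:cd:ef"}
    print("\n".join(build_ethers("192.0.2.0/29", sample)))
```

On Linux with net-tools, `arp -f /etc/ethers` loads the resulting file as static ARP entries.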