netfilter and MAC filtering

Tags:

System Config and Admin

I have a very simple problem to solve: I want only "valid" MAC addresses to come out of my eth0.

The reason is because I use vmware to run some Windows virtual machines. The host computer runs Etch. Each virtual machine have its own MAC addresse for each virtual network adapter. No problem here.

I just want nothing from the virtual machines go throught eth0. But throught tun0 or whatever is okay.

I first tested to just filter the virtual machine's IP with the following rule for netfilter:
iptables --table filter --append OUTPUT --out-interface eth0 --source $BAD_IP --protocol all --jump DROP
But some packets go throught eth0. I think this is because some packets don't have ip address in them (for example, packets to link IP and MAC addresses).

Well, okay. I then tested the following rule:
iptables --table filter --append FORWARD --out-interface eth0 --mac-source $BAD_MAC --jump DROP
and I get an error message. So bad.
---> iptables v1.3.6: Unknown arg `--mac-source'
The man page (man iptables, on the same computer) describe the --mac-source option.

1 - what the fxxk with --mac-source ?
2 - how can I tell Etch to block $BAD_MAC on eth0 ?

Bookmark/Search this post with:

Average:

Login or register to post comments

Re: netfilter and MAC filtering

Submitted by Matt on Fri, 2008-04-04 18:53.

Apparently you have to put "-m mac" before "--mac-source".

»

Login or register to post comments

Articles posted and comments submitted are © by the person who posted them and are licensed under the Creative Commons License, Attribution-ShareAlike 2.5. All trademarks are "owned" by their "owners". Other copyrighted works are used with permission or for educational use under Fair Use. The rest of this site is Copyright © Spartacus Systems LLC 2000-2008.

Powered by Debian GNU/Linux!

Useful Debian Links

• Debian Weekly News - Essential reading for any Debian fan. • Documentation - Debian's own authoritative documentation, including installation docs. • FAQ - Got questions about Debian GNU/Linux? • From Windows to Debian - Tips for converting from Windows to Debian GNU/Linux • Package of the Day. • Security - Security information and alerts! • Bug System - Bug tracking and instructions on reporting bugs. • CD Images - Where/how to get Debian GNU/Linux CD images. • Mailing List Subscription - Dozens of Debian-specific support mailing lists! • Mailing List Archives - Searchable archives of Debian's mailing lists. • Free Software Guidelines - Learn Debian's idea of what "free" software really is. • Package Listings - A very valuable tool: searchable, integrated with bug reports. • Apt-Get Sources - Sources for *.debs which are not official Debian packages. • Backports - Unofficial new software packages that have been "back-ported" to work with the Debian stable/official release. • Developer's Corner - Info about the people behind Debian, policies, and how to package *.deb files.