Yes. http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-7.html#ss7.3 Scroll down to the section "Other Match Extensions" where you will find the mac match. Here's an example usage like you descibe iptables -A <chain> -m mac --mac-source ! <mac address> -j DROP Since you are either allowing it or not to all networks, you don't need the destination set. From the looks of it, you are only concerned about the mac address. Regards, Daniel On 6/9/06, Luis <itachi@cnt.uo.edu.cu> wrote:
hi there
i m setting some new rules in my firewall and i would like to know if ifs
dooable
the next thing
example iptables -a ! computermac-addrees -d anynetwork -j DROP
IS THAT doable?
-------------------------------------------------
Luis A. Rondon Paz
L I N U X .~. Admin intranet CNT
The Choice /V\ icq #132736035
of a GNU /( )\ itachi@cnt.uo.edu.cu
Generation ^^-^^ Santiago de cuba
UONET
-------------------------------------------------
--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org