Re: iptables MAC addresses

["Ing. Otto Marroquin" <otto@celera.net>]

Jim Popovitch wrote:
> On Mon, Aug 25, 2008 at 4:02 PM, Stefano Cislaghi <s.cislaghi@gmail.com> wrote:
>   
> > 2008/8/25 Jim Popovitch <yahoo@jimpop.com>:
> >     
> > > Hi,
> > >
> > > I'm using iptables -j LOG to log blocked/throttled connections.  These
> > > log entries contain the source and destination MAC addresses... which
> > > will always be the MAC addrs of the single apache box and it's
> > > upstream switch. ;-)   Is there any way to tell iptables to *not* log
> > > MAC addresses?
> > >       
> > You should use argv:
> >
> >  --mac-source !address
> >     
>
> :-)  Perhaps I wasn't clear enough.  I do want the log entries... I
> just don't want the log entries to contain the MAC addresses (which
> are useless to me because they are the same regardless of where the IP
> traffic.   The host has 1 interface attached to an upstream Foundry,
> so the MACs will always be the same.
>
> -Jim P.
>
>
>   
I dont see how to do it with iptables without postprocessing or changing 
the source code...
because you don't need all the output from iptables..

Sorry for replying to this thread with another topic; I didn't realize it.


begin:vcard
fn:Ing. Otto Marroquin
n:Marroquin;Ing. Otto
org:Celera Networks;Tech Support
adr:Oficina 202;;Diag 6 13-08 Zona 10;Guatemala;Guatemala;01010;Guatemala
email;internet:otto@celera.net
title:Celera Networks
tel;work:502.2385-5246
x-mozilla-html:FALSE
url:www.celera.net
version:2.1
end:vcard