I know it is possible to use a MAC address as a filter. But is this a reliable way to filter external traffic?
Thanks for your thoughts/suggestions.
Yes
No - use 'tcpdump -env' (man tcpdump) and see why. The MAC addresses that you see in a packet header are those of the systems directly connected to your system. Thus, packets from outside your net will have the source MAC address of the NIC of the router connected on your side of the box. If you want to block packets from the outside using the MAC address, it's simpler to just turn off the router - same result.
The 'iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j DROP' line would be useful where the host you want to ignore is using DHCP to get a random address. Otherwise, making a selection based on IP address remains the best choice.
Old guy
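What the 'tcpdump -env' check above shows, as an added example that is not part of the original thread: it parses Ethernet II frames and groups IPv4 source addresses by source MAC, so every off-subnet sender turns up behind the router's MAC. The frames, MAC addresses, IP addresses and the 192.168.1.0/24 subnet are constructed sample values.

```python
import struct
from collections import defaultdict
from ipaddress import ip_address, ip_network

def build_frame(dst_mac, src_mac, src_ip, dst_ip):
    """Constructed Ethernet II + bare IPv4 header (checksum left 0, no payload)."""
    eth = bytes.fromhex((dst_mac + src_mac).replace(":", "")) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ip_address(src_ip).packed, ip_address(dst_ip).packed)
    return eth + ip

def parse_frame(frame):
    """Return (src_mac, src_ip) for an Ethernet II frame carrying IPv4, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
    return src_mac, str(ip_address(frame[26:30]))  # IPv4 source sits at offset 14 + 12

def sources_by_mac(frames):
    """Map each source MAC to the set of IPv4 source addresses seen behind it."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed:
            seen[parsed[0]].add(parsed[1])
    return dict(seen)

def macs_fronting_remote_hosts(frames, local_net):
    """MACs that deliver frames with off-subnet source IPs: the router, not the sender."""
    net = ip_network(local_net)
    return {m for m, ips in sources_by_mac(frames).items()
            if any(ip_address(ip) not in net for ip in ips)}

# Constructed capture as seen on the filtering host (all values are made up).
ME, ROUTER, LAN_HOST = "02:00:00:00:00:10", "02:00:00:00:00:01", "02:00:00:00:00:22"
FRAMES = [
    build_frame(ME, ROUTER, "198.51.100.7", "192.168.1.10"),   # remote host A
    build_frame(ME, ROUTER, "203.0.113.9", "192.168.1.10"),    # remote host B
    build_frame(ME, LAN_HOST, "192.168.1.22", "192.168.1.10"), # neighbour on the LAN
]

if __name__ == "__main__":
    for mac_addr, ips in sources_by_mac(FRAMES).items():
        print(mac_addr, sorted(ips))
    print("router MACs:", macs_fronting_remote_hosts(FRAMES, "192.168.1.0/24"))
```

A `--mac-source` DROP rule for the router's MAC would drop both remote hosts at once, while a rule for either remote host's real MAC would never match.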
In article , wrote:
:I know it is possible to use a MAC address as a filter.
:But is this a reliable way to filter external traffic?
Nothing to do with MAC address is "reliable" for security.
MAC addresses are erased by every router hop, so at most you'd be filtering against local traffic.
MAC addresses are easy to spoof.
No, not at all. Like most network addresses, MAC addresses can be faked very easily.
Yours, VB.