IPtable filter by mac address

I know it is possible to use a MAC address as a filter. But is this a reliable way to filter external traffic?

Thanks for your thoughts/suggestions.

jbogins

Yes

No - use 'tcpdump -env' (man tcpdump) and see why. The MAC addresses that you see in a packet header are those of the systems directly connected to your system. Thus, packets from outside your net will have the source MAC address of the NIC of the router connected on your side of the box. If you want to block packets from the outside using the MAC address, it's simpler to just turn off the router - same result.

The 'iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j DROP' line would be useful where the host you want to ignore is using DHCP to get a random address. Otherwise, making a selection based on IP address remains the best choice.

Old guy

Moe Trin
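
The point of the reply above, as an added example that is not part of the original thread: the script counts distinct source IPs per source MAC in a capture, showing that every outside host arrives under the router's MAC. The capture lines are constructed in the one-line `tcpdump -en` format, and the addresses, MACs and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample in the one-line format printed by `tcpdump -en`.
# MACs use the documentation range 00:00:5e:00:53:xx. Assumed layout:
# the router's LAN-side NIC is ...:01, LAN host 192.168.1.20 is ...:20,
# and 203.0.113.x / 198.51.100.x stand for hosts outside the network.
sample_capture() {
cat <<'EOF'
12:00:01.000001 00:00:5e:00:53:01 > 00:00:5e:00:53:10, ethertype IPv4 (0x0800), length 74: 203.0.113.7.51000 > 192.168.1.10.22: Flags [S], seq 1, win 64240, length 0
12:00:01.200000 00:00:5e:00:53:01 > 00:00:5e:00:53:10, ethertype IPv4 (0x0800), length 74: 198.51.100.23.40112 > 192.168.1.10.22: Flags [S], seq 9, win 64240, length 0
12:00:01.400000 00:00:5e:00:53:20 > 00:00:5e:00:53:10, ethertype IPv4 (0x0800), length 74: 192.168.1.20.33010 > 192.168.1.10.22: Flags [S], seq 5, win 64240, length 0
12:00:01.600000 00:00:5e:00:53:01 > 00:00:5e:00:53:10, ethertype IPv4 (0x0800), length 98: 203.0.113.99 > 192.168.1.10: ICMP echo request, id 7, seq 1, length 64
12:00:01.800000 00:00:5e:00:53:01 > 00:00:5e:00:53:10, ethertype IPv4 (0x0800), length 74: 203.0.113.7.51002 > 192.168.1.10.80: Flags [S], seq 3, win 64240, length 0
EOF
}

# Read `tcpdump -en` lines on stdin and print
# "<source MAC> <number of distinct source IPs seen with that MAC>".
ips_per_source_mac() {
    awk '
    $3 == ">" && /ethertype IPv4/ {
        mac = $2; src = ""
        # The IP source is the field just before the second ">".
        for (i = 4; i < NF; i++)
            if ($(i + 1) == ">") { src = $i; break }
        # Keep the four address octets; drops the port when there is one.
        if (split(src, o, ".") < 4) next
        ip = o[1] "." o[2] "." o[3] "." o[4]
        if (!((mac, ip) in seen)) { seen[mac, ip] = 1; count[mac]++ }
    }
    END { for (m in count) print m, count[m] }' | sort
}

# MACs that front more than one source IP, typically a router or gateway:
# a `-m mac --mac-source` rule on such a MAC matches every host behind it.
gateway_macs() {
    ips_per_source_mac | awk '$2 > 1 { print $1 }'
}

sample_capture | ips_per_source_mac
```

On a live system, feed `ips_per_source_mac` from `tcpdump -en` output instead of `sample_capture`.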

In article , wrote:
:I know it is possible to use a MAC address as a filter.
:But is this a reliable way to filter external traffic?

Nothing to do with MAC address is "reliable" for security.

MAC addresses are erased by every router hop, so at most you'd be filtering against local traffic.

MAC addresses are easy to spoof.

Walter Roberson

No, not at all. Like most network addresses, MAC addresses can be faked very easily.

Yours, VB.

Volker Birk
