Subject: Re: MAC address based filtering
To: TiTi <firstname.lastname@example.org>
From: Mipam <email@example.com>
Date: 01/16/2003 15:36:38
On Thu, Jan 16, 2003 at 01:21:48PM +0100, TiTi wrote:
> Hi all.
> I'm wondering if there is a way to filter network packets
> based on their MAC address... ?
Well i didnt exactly filter, but what i did in my dmz was this:
and went to arplookup()
in there is: rt = rtalloc1.....
and replaced it with rt = 0; :-)
Then i recompiled the kernel source.
After a reboot i inserted static entries in the arp table.
This resulted in that new entries couldn't be learned anymore.
So, a kind of static arp table, very usefull for my dmz :-)
Because i know exactly which machines are in the dmz
and how many interfaces they have and their mac's, i dont need
any crazy stuff like arp spoofing, might anyone be able to crack
a machine in there. Okay, this is not nicely done, but it worked fine for me.
It also not really mac filtering, but it was a solution for me at the time.