On Fri, 11 Oct 2002, Dan Searle wrote:

> Re,
>
> I've had a look at the linux/net/ipv4/netfilter/ipt_mac.c source and had a
> thought...
>
> It wouldn't be too difficult to add an extra parameter to the mac match
> module to allow masked matching, i.e. add a --mac-mask parameter which would
> allow the user to specify a bit mask so that only the un-masked bits of the
> 6 byte mac address were compared, e.g...
>
> iptables -A INPUT -m mac --mac-source 00:00:00:00:00:02 --mac-mask
> 00:00:00:00:00:0F -j ACCEPT
>
> ...meaning that only the least significant 4 bits of the mac source are
> compared against the specified mac source parameter.

but how frequently would such a mask be used? after all, conventional wisdom suggests that, while you have the freedom to assign IP addresses any way you want, most people just have to work with the MAC addresses on the cards they're given. and if a card burns out and you replace it, the new MAC address may not be programmable.

so i'm just curious -- aside from the original poster, how many others would take advantage of this feature?

rday
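To make the proposed --mac-mask semantics concrete, here is a small user-space model of the masked compare (an added example, not the ipt_mac.c code or anything from the thread's authors): it parses the textual MAC forms from the quoted rule, applies the mask, and shows that an all-ones mask reduces to the exact match the existing module performs. Function names and the sample MACs are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_ALEN 6

/* Parse "aa:bb:cc:dd:ee:ff" into 6 bytes; returns false on malformed input
 * (wrong field count or trailing garbage). */
bool parse_mac(const char *s, uint8_t out[ETH_ALEN])
{
    unsigned v[ETH_ALEN];
    char tail;
    if (sscanf(s, "%2x:%2x:%2x:%2x:%2x:%2x%c",
               &v[0], &v[1], &v[2], &v[3], &v[4], &v[5], &tail) != ETH_ALEN)
        return false;
    for (int i = 0; i < ETH_ALEN; i++)
        out[i] = (uint8_t)v[i];
    return true;
}

/* Masked compare as proposed: a packet's source MAC matches when every bit
 * selected by the mask equals the corresponding bit of --mac-source.
 * A mask of FF:FF:FF:FF:FF:FF is exactly the current unmasked behaviour. */
bool mac_match_masked(const uint8_t pkt[ETH_ALEN],
                      const uint8_t rule[ETH_ALEN],
                      const uint8_t mask[ETH_ALEN])
{
    for (int i = 0; i < ETH_ALEN; i++)
        if ((pkt[i] & mask[i]) != (rule[i] & mask[i]))
            return false;
    return true;
}

/* Wrapper on the textual forms used on the iptables command line.
 * Returns 1 (match), 0 (no match) or -1 (unparseable address). */
int rule_matches(const char *pkt_s, const char *src_s, const char *mask_s)
{
    uint8_t pkt[ETH_ALEN], src[ETH_ALEN], mask[ETH_ALEN];
    if (!parse_mac(pkt_s, pkt) || !parse_mac(src_s, src) || !parse_mac(mask_s, mask))
        return -1;
    return mac_match_masked(pkt, src, mask) ? 1 : 0;
}

int main(void)
{
    /* The rule from the proposal: only the low 4 bits of the last byte count. */
    const char *src = "00:00:00:00:00:02", *mask = "00:00:00:00:00:0F";
    const char *pkts[] = { "00:00:00:00:00:02", "DE:AD:BE:EF:01:F2", "00:00:00:00:00:03" };
    for (int i = 0; i < 3; i++)
        printf("%s -> %d\n", pkts[i], rule_matches(pkts[i], src, mask));
    return 0;
}
```

Note that with the quoted mask any card whose last address nibble is 2 matches, regardless of vendor prefix, which is what makes the mask useful only when the operator controls how MACs are assigned.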