Anthony is correct. Google it and you'll find numerous examples:

http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=forge+MAC+address+nic

Despite this fact, however, you don't seem to be using your imagination. I've always preferred it when security people were just a little more paranoid:

Imagine a scenario where some form of unknown attack is used to kill your 'router' and turn one of your connected PC's into a 'router' instead. In that case, you would probably wish you had used scenario #2...

With #2 a dead router means no internet, and that might actually be a good thing - in an ostrich sort of way.

Bob

-----Original Message-----
From: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of Sasa Stupar
Sent: Monday, March 01, 2004 8:25 AM
To: Netfilter-List
Subject: Re: Security question

But with the MAC/IP filtering I can restrict access to the router. So anyone who is not in the MAC table for accept it will be refused. I don't think that it is possible to forge MAC address of nic, or am I wrong?

Sasa