Re: mac-source matching

Beau Sapach wrote:
> Hello everyone,
>
> I have a system running redhat with kernel 2.4.26 and iptables 1.2.1a that is a routing firewall. If I use the mac-source extension to match packets from the internal network (a workstation for which this system is the gateway) it works fine, but it won't match packets originating from the outside world. The rule I use is this:
>
> iptables -A FORWARD -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT
>
> It could be me, I may be completely misunderstanding how this is supposed to work. I am by no means a guru... any help would be appreciated, thanks!

Please excuse me if I've misunderstood what you're doing, but this is what occurs to me first...


You say that your machine is running a firewall? That means it's filtering traffic arriving from the outside world, which I presume means that it's connected to a cable modem/DSL/T-1/etc.

MAC addresses (almost) never survive more than one hop. If a packet is traveling to your LAN from a server on the other side of the country, the MAC address of that server will never be observed at your firewall. In fact, it's probably the case that *ALL* the packets arriving at your firewall have the same source MAC address - the MAC address of the first router upstream from you.

So, it's certainly possible for your firewall to match incoming traffic by MAC address, but it is also almost certainly useless to do so.

I hope that helps.
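As an added illustration that is not part of this thread, the following Python script models the point made above: at every router hop the Ethernet header is discarded and rewritten, so the source MAC seen on the firewall's WAN interface is always that of the adjacent upstream router, while the IP addresses inside the packet survive unchanged. All MAC and IP addresses, interface names (eth0 for WAN, eth1 for LAN) and the three-hop topology are constructed for this example; the "IP header" is a two-address stub rather than a real IPv4 header.

```python
import struct

# Ethernet II header: destination MAC, source MAC, EtherType (network byte order).
ETH_HDR = struct.Struct("!6s6sH")
ETHERTYPE_IPV4 = 0x0800
# Stand-in for the network-layer header (source IP, destination IP).
# Constructed for this example; a real IPv4 header carries many more fields.
IP_STUB = struct.Struct("!4s4s")


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_frame(src_mac: str, dst_mac: str, payload: bytes) -> bytes:
    """Encapsulate a network-layer payload in an Ethernet frame."""
    return ETH_HDR.pack(mac_bytes(dst_mac), mac_bytes(src_mac), ETHERTYPE_IPV4) + payload


def parse_frame(frame: bytes) -> dict:
    """Decode the Ethernet header and the stub IP header beneath it."""
    dst, src, ethertype = ETH_HDR.unpack_from(frame)
    src_ip, dst_ip = IP_STUB.unpack_from(frame, ETH_HDR.size)
    return {"src_mac": mac_str(src), "dst_mac": mac_str(dst), "ethertype": ethertype,
            "src_ip": ip_str(src_ip), "dst_ip": ip_str(dst_ip)}


def forward(frame: bytes, egress_mac: str, next_hop_mac: str) -> bytes:
    """What a router does at each hop: the layer-2 header is dropped and a new one is
    written with the router's own egress MAC as source. The IP payload is untouched."""
    payload = frame[ETH_HDR.size:]
    return build_frame(egress_mac, next_hop_mac, payload)


def distinct_source_macs(frames_by_iface: dict) -> dict:
    """Source MACs observed per firewall interface (what `tcpdump -e` would show)."""
    return {iface: sorted({parse_frame(f)["src_mac"] for f in frames})
            for iface, frames in frames_by_iface.items()}


def frames_seen_at_firewall() -> dict:
    """Constructed topology (every address below is made up for this example):
    three remote servers -> router R1 -> router R2 -> firewall WAN port (eth0);
    two directly attached workstations -> firewall LAN port (eth1)."""
    fw_wan_mac, fw_lan_mac = "00:aa:00:00:00:01", "00:aa:00:00:00:02"
    r1_in, r1_out = "00:bb:00:00:00:01", "00:bb:00:00:00:02"
    r2_in, r2_out = "00:cc:00:00:00:01", "00:cc:00:00:00:02"  # R2 is the upstream hop
    servers = {"00:dd:00:00:00:01": "198.51.100.10",
               "00:dd:00:00:00:02": "198.51.100.20",
               "00:dd:00:00:00:03": "203.0.113.5"}
    workstations = {"00:ee:00:00:00:01": "192.168.1.10",
                    "00:ee:00:00:00:02": "192.168.1.11"}

    wan = []
    for srv_mac, srv_ip in servers.items():
        payload = IP_STUB.pack(ip_bytes(srv_ip), ip_bytes("192.0.2.1"))
        frame = build_frame(srv_mac, r1_in, payload)   # hop 1: server -> R1
        frame = forward(frame, r1_out, r2_in)          # hop 2: R1 -> R2
        frame = forward(frame, r2_out, fw_wan_mac)     # hop 3: R2 -> firewall
        wan.append(frame)

    lan = []
    for ws_mac, ws_ip in workstations.items():
        payload = IP_STUB.pack(ip_bytes(ws_ip), ip_bytes("198.51.100.10"))
        lan.append(build_frame(ws_mac, fw_lan_mac, payload))  # one hop only

    return {"eth0": wan, "eth1": lan}


if __name__ == "__main__":
    observed = frames_seen_at_firewall()
    for iface, macs in distinct_source_macs(observed).items():
        print(iface, macs)
    print(parse_frame(observed["eth0"][0]))
```

Running it shows a single source MAC on eth0 (R2's egress address) for all three remote servers, while eth1 shows one MAC per workstation; the original server IPs are still readable inside the WAN frames. The practical consequence is the one stated in the reply: a `--mac-source` rule applied to WAN traffic matches either every packet or none, so MAC matching is only meaningful when restricted to the directly attached side (for example by pairing it with `-i` on the LAN interface) and source-IP or connection-state matching is the right tool for traffic arriving from the outside.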

