Can anyone tell me how to set up a simple filter using BPF that blocks all the packets coming from a given MAC address?
Thx a lot
Claudio
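An added example, not code from the thread: a classic BPF (cBPF) program that drops every Ethernet frame whose source MAC is a given address, which is what the question asks for and what Scott's "configure BPF" suggestion amounts to. In a real sniffer the six-instruction array is attached to the capture socket (setsockopt with SO_ATTACH_FILTER on Linux, BIOCSETF on the BSD /dev/bpf device), where it runs on every frame before the frame reaches the application and, in particular, before iptables ever sees it, which is why an INPUT rule does not hide the other laptop from a promiscuous sniffer. A tiny interpreter for just the four opcodes used is included so the program can be exercised offline; the MAC addresses and frames are constructed placeholders, and the opcode constants are the standard cBPF values (the struct has the same layout as Linux's struct sock_filter). The libpcap filter expression `not ether src <mac>` compiles to an equivalent program.

```c
/* Added example: drop frames from one source MAC with a classic BPF program.
 * Not from the mailing-list thread; MACs and frames below are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Same layout as Linux struct sock_filter / BSD struct bpf_insn. */
struct cbpf_insn { uint16_t code; uint8_t jt; uint8_t jf; uint32_t k; };

/* Standard classic-BPF opcode bits. */
#define BPF_LD   0x00
#define BPF_JMP  0x05
#define BPF_RET  0x06
#define BPF_W    0x00
#define BPF_H    0x08
#define BPF_ABS  0x20
#define BPF_K    0x00
#define BPF_JEQ  0x10

#define ETH_SRC_OFF 6        /* source MAC is bytes 6..11 of an Ethernet frame */
#define ACCEPT_LEN  262144   /* non-zero return = accept; tcpdump uses this snaplen */
#define PROG_LEN    6

/* Build the equivalent of `not ether src <mac>`:
 *   (0) ld  [8]            src MAC bytes 2..5 as one 32-bit word
 *   (1) jeq #lo jt 2 jf 4  mismatch -> accept
 *   (2) ldh [6]            src MAC bytes 0..1 as a 16-bit half-word
 *   (3) jeq #hi jt 5 jf 4  match -> drop, mismatch -> accept
 *   (4) ret #ACCEPT_LEN
 *   (5) ret #0
 * jt/jf are offsets relative to the following instruction. */
void build_drop_src_mac(const uint8_t mac[6], struct cbpf_insn prog[PROG_LEN]) {
    uint32_t lo = ((uint32_t)mac[2] << 24) | ((uint32_t)mac[3] << 16) |
                  ((uint32_t)mac[4] << 8)  |  (uint32_t)mac[5];
    uint32_t hi = ((uint32_t)mac[0] << 8)  |  (uint32_t)mac[1];
    struct cbpf_insn p[PROG_LEN] = {
        { BPF_LD  | BPF_W   | BPF_ABS, 0, 0, ETH_SRC_OFF + 2 },
        { BPF_JMP | BPF_JEQ | BPF_K,   0, 2, lo },
        { BPF_LD  | BPF_H   | BPF_ABS, 0, 0, ETH_SRC_OFF },
        { BPF_JMP | BPF_JEQ | BPF_K,   1, 0, hi },
        { BPF_RET | BPF_K,             0, 0, ACCEPT_LEN },
        { BPF_RET | BPF_K,             0, 0, 0 },
    };
    for (int i = 0; i < PROG_LEN; i++) prog[i] = p[i];
}

/* Interpreter for only the opcodes used above. As in the kernel, a load that
 * runs past the end of the frame rejects the frame (returns 0). */
uint32_t cbpf_run(const struct cbpf_insn *prog, size_t n,
                  const uint8_t *pkt, size_t len) {
    uint32_t A = 0;
    size_t pc = 0;
    while (pc < n) {
        const struct cbpf_insn *in = &prog[pc++];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            if ((size_t)in->k + 4 > len) return 0;
            A = ((uint32_t)pkt[in->k] << 24) | ((uint32_t)pkt[in->k + 1] << 16) |
                ((uint32_t)pkt[in->k + 2] << 8) | pkt[in->k + 3];
            break;
        case BPF_LD | BPF_H | BPF_ABS:
            if ((size_t)in->k + 2 > len) return 0;
            A = ((uint32_t)pkt[in->k] << 8) | pkt[in->k + 1];
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (A == in->k) ? in->jt : in->jf;
            break;
        case BPF_RET | BPF_K:
            return in->k;
        default:
            return 0;   /* opcode not handled by this toy interpreter */
        }
    }
    return 0;
}

/* 1 if the frame would reach the sniffer, 0 if the filter drops it. */
int frame_passes(const uint8_t excluded_mac[6], const uint8_t *frame, size_t len) {
    struct cbpf_insn prog[PROG_LEN];
    build_drop_src_mac(excluded_mac, prog);
    return cbpf_run(prog, PROG_LEN, frame, len) != 0;
}

/* Constructed sample data: locally administered placeholder MACs. */
const uint8_t MAC_LAPTOP_B[6] = { 0x02,0x00,0x00,0x00,0x00,0xbb };
/* dst = laptop A, src = laptop B, EtherType 0x0800, 4 payload bytes */
const uint8_t FRAME_FROM_B[18] = {
    0x02,0x00,0x00,0x00,0x00,0xaa, 0x02,0x00,0x00,0x00,0x00,0xbb, 0x08,0x00, 1,2,3,4 };
/* Same frame from a third station; must still pass. */
const uint8_t FRAME_FROM_OTHER[18] = {
    0x02,0x00,0x00,0x00,0x00,0xaa, 0x02,0x00,0x00,0x00,0x00,0xcc, 0x08,0x00, 1,2,3,4 };

int main(void) {
    printf("from B:      %d\n", frame_passes(MAC_LAPTOP_B, FRAME_FROM_B, sizeof FRAME_FROM_B));
    printf("from other:  %d\n", frame_passes(MAC_LAPTOP_B, FRAME_FROM_OTHER, sizeof FRAME_FROM_OTHER));
    printf("truncated:   %d\n", frame_passes(MAC_LAPTOP_B, FRAME_FROM_B, 8));
    return 0;
}
```

The truncated case matters in practice: a frame too short to hold the full source address is rejected rather than compared against garbage, so a filter cannot be slipped past with a runt frame. To use the program for real, pass the array from build_drop_src_mac as the fprog of setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER, ...) on the PF_PACKET socket that does the sniffing.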
Scott Knake wrote:
iptables -t mangle -D PREROUTING 1
It was also mentioned earlier to configure BPF to drop the undesired packets. What is wrong with this solution?
Well,
In fact I really wanted my WLAN card set in promiscuous mode to drop all the packets coming from the other laptop, this means that I wanted
some filter BEFORE the promiscuous mode filter. And by the way: how do I cancel a rule from the PREROUTING chain? If I do the standard way, I get:
~ # iptables -D PREROUTING 1
iptables: No chain/target/match by that name
Thx
Claudio
Alistair Tonner wrote:
see inlined:
On November 30, 2004 07:53 am, Claudio Lavecchia wrote:
Hello People,
I have a little question:
I have two laptops that have 802.11 wireless cards. I am developing a
wireless application that essentially performs sniffing functions using
cards in promiscuous mode. To test my code, I need those two laptops
not to "see" each other (--> I do not want the wireless card of laptop A,
which is operating in promiscuous mode, to process packets coming from
laptop B) and I thought to do it using iptables. So on laptop A I
added the following rule:
iptables -A INPUT -m mac --mac-source MAC_ADDRESS_LAPTOP_B -j DROP
and on laptop B I added the rule:
iptables -A INPUT -m mac --mac-source MAC_ADDRESS_LAPTOP_A -j DROP
I just executed my first tests and the feeling I got is that, for example, the wlan card of laptop B still passes through the packet coming from laptop A.
Can anyone confirm this analysis? If I am right, can anyone give me
a hint to possibly work around this?
Urrm. You are likely doing the filtering in the wrong pipe. These rules
will only drop packets that are destined for the IP of the host they are on.
You PROBABLY are trying to drop *all* traffic from the other laptop.
Iptables can do this at the IP layer, however you will STILL be able to see the
traffic across that card (from the other laptop) with any decent
sniffer program since ip sniffers work below the IP layer, before iptables
gets the packet to filter. Most decent network sniffers, however, can do mac
address filtering on input.
If you would like to have the traffic dropped anyway, there are
better places to put these rules, even though many are strongly against filtering
anywhere but in the filter table (including myself) the following would get the traffic off your iptables radar:
iptables -A PREROUTING -t mangle -m mac --mac-source MAC_ADDRESS_LAPTOP_A -j DROP
Although in truth I'm not sure that this is wise, it might serve your purposes.
Alistair Tonner
RSO HP Unix support