On Wed, 19 Jan 2005 02:36:03 -0800 (PST), Linux Query
<linux_query@xxxxxxxxx> wrote:
>
> Hi all!
>
> I want to ensure that each of my clients can have
> access to the net only with the ip address which is
> specifically assigned to him / her. Is the following
> going to work ?
>
> iptables -I FORWARD -o externalinterface -s
> xx.xx.xx.xx -m mac --mac-source yy:yy:yy:yy:yy -j
> ACCEPT
>
> or is it required to be done in some other way ?
>
You already received advice on how it can be done. I'll just add here
that you should not forget that changing one's MAC address is as easy
as changing an IP address. Many people blindly believe it is not
possible or hard to change a MAC address but it is in fact very easy.
So all you can do is really force an IP/MAC pair, but you cannot
prevent that someone impersonates another system that is also allowed
to communicate.
--
C U
- -- ---- ----- -----/\/ René Gallati \/\---- ----- --- -- -
