Hi,

that is also what I wanted to say ;) Although netfilter is working on the IP layer, packages that come in contain the source MAC address of the sender, so that is why, for example, the source MAC filtering works... right?

Regards,

Edvin Seferovic

-----Original Message-----
From: Yu Zhiguo [mailto:yuzg@xxxxxxxxxxxxxxxx]
Sent: Thursday, 28 April 2005 12:04
To: edvin.seferovic@xxxxxxx; netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: iptables mac destination filtering

Hello,

Simply put, this is because netfilter is working on the IP layer.

----- Original Message -----
> Hi,
>
> I suppose it is because you do NOT know the destination MAC address. The
> dest MAC address is found out first when the packets get out of iptables and
> go to the NIC. Besides - you cannot find out the MAC address of the host
> that is reachable over i.e. 3 hops. Recall the OSI layer system and it
> should be clear.
>
> I think I am not wrong here. If so, please correct me.
>
> Regards,
>
> Edvin Seferovic
>
> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Thomas Turquois
> Sent: Thursday, 28 April 2005 11:40
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: iptables mac destination filtering
>
> Hi,
>
> I would like to know why it's not possible to filter on mac destination
> address with iptables.
>
> Thanks.
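
The point discussed in this thread, as an added example that is not part of the original messages: a simplified Python model (not netfilter code) of a source-MAC match, run against a received Ethernet frame and against a locally generated packet that has no link-layer header yet. The function names, the hook set and both sample packets are assumptions constructed for illustration.

```python
import struct

# Chains where a received packet still carries its link-layer header.
INBOUND_HOOKS = {"PREROUTING", "INPUT", "FORWARD"}

def parse_mac(text):
    """'02:00:00:00:00:aa' -> 6 raw bytes."""
    parts = text.split(":")
    if len(parts) != 6:
        raise ValueError("bad MAC address: %r" % text)
    return bytes(int(p, 16) for p in parts)

def format_mac(raw):
    return ":".join("%02x" % b for b in raw)

def ethernet_header(frame):
    """(dst, src, ethertype) of an Ethernet II frame; None if there is no header."""
    if frame is None or len(frame) < 14:
        return None
    return struct.unpack("!6s6sH", frame[:14])

def mac_source_match(hook, frame, wanted_src):
    """True/False when the source MAC can be compared, None when the packet
    has no link-layer header to look at (simplified model, not kernel code)."""
    header = ethernet_header(frame) if hook in INBOUND_HOOKS else None
    if header is None:
        return None
    return header[1] == parse_mac(wanted_src)

# Constructed sample: frame received from 02:00:00:00:00:aa on a NIC whose
# own address is 02:00:00:00:00:01, carrying the start of an IPv4 header.
RECEIVED_FRAME = (parse_mac("02:00:00:00:00:01") + parse_mac("02:00:00:00:00:aa")
                  + struct.pack("!H", 0x0800) + bytes.fromhex("4500001c"))
# Constructed sample: locally generated packet in OUTPUT. Only the IP packet
# exists; the destination MAC is resolved later, after the packet leaves iptables.
LOCAL_PACKET_FRAME = None

if __name__ == "__main__":
    dst, src, _ = ethernet_header(RECEIVED_FRAME)
    print("received frame: src", format_mac(src), "dst", format_mac(dst))
    print("INPUT match:", mac_source_match("INPUT", RECEIVED_FRAME, "02:00:00:00:00:aa"))
    print("OUTPUT match:", mac_source_match("OUTPUT", LOCAL_PACKET_FRAME, "02:00:00:00:00:aa"))
```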