Hello,
I think so ;)
----- Original Message -----
> Hi,
>
> that is also what I wanted to say ;) Although netfilter is working on IP
> layer, packages that come in, contain the source MAC address of the sender
> so that is why for example the source MAC filtering works... right?
>
> Regards,
>
> Edvin Seferovic
>
> -----Original Message-----
> From: Yu Zhiguo [mailto:yuzg@xxxxxxxxxxxxxxxx]
> Sent: Donnerstag, 28. April 2005 12:04
> To: edvin.seferovic@xxxxxxx; netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Re: iptables mac destination filtering
>
> Hello,
>
> For simply, this is because netfilter is working on IP layer.
>
>
> ----- Original Message -----
>
> > Hi,
> >
> > I suppose it is because you do NOT know the destination MAC address. The
> > dest MAC address is found out first when the packets get out of iptables
> and
> > go to the NIC. Besides - you cannot find out the MAC address of the host
> > that is reachable over i.e. 3 hops. Recall the OSI layer system and it
> > should be clear.
> >
> > I think I am not wrong here. If so, please correct me.
> >
> > Regards,
> >
> > Edvin Seferovic
> >
> > -----Original Message-----
> > From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
> > [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Thomas
> Turquois
> > Sent: Donnerstag, 28. April 2005 11:40
> > To: netfilter@xxxxxxxxxxxxxxxxxxx
> > Subject: iptables mac destination filtering
> >
> > Hi,
> >
> > I would like to know why it's not possible to filter on mac destination
> > address with iptables.
> >
> > Thanks.
> >
> >
> >
>
