Use arptables for that, like

    arptables -A INPUT --src-mac <mac> --opcode 1 -j DROP
    arptables -A OUTPUT --dst-mac <mac> --opcode 1 -j DROP

This way that MAC won't know your MAC address and won't be able to communicate with you. But for a "very" good enough firewall, it is not necessary to filter destination MAC; source MAC is enough. arptables is good to stop somebody from DDoSing you (if he is in the same L2 as you).

On 4/28/05, Tobias DiPasquale <codeslinger@xxxxxxxxx> wrote:
> On 4/28/05, Michael Tautschnig <michael.tautschnig@xxxxxxxxxxxxxxxxx> wrote:
> > Could you please explain, why one would do that? IMHO the only possible use is
> > an interface in promiscuous mode.
>
> Not really. I know of a project that wanted this functionality in
> order to be able to determine if the next hop was terminal, and if so,
> do some IDS scanning on it. This was in the context of AODV-assembled
> wireless LANs.
>
> --
> [ Tobias DiPasquale ]
> 0x636f6465736c696e67657240676d61696c2e636f6d
>
>

--
Bla bla
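
The rule pair from the reply above, as an added shell example that is not part of the original message: it validates the peer MAC before printing the two arptables commands, so a typo or a group address never reaches the rule set. The helper names `normalize_mac` and `arp_block_rules` and the sample MAC in the comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example: print the arptables rule pair from the message for one peer MAC.
# normalize_mac and arp_block_rules are hypothetical helper names.

# Lower-case a MAC and accept only six colon-separated hex octets.
normalize_mac() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    printf '%s\n' "$mac"
}

# Print the INPUT/OUTPUT rules that drop ARP requests from and to one host.
# ARP opcode 1 is "request"; replies (opcode 2) are not matched by these rules.
arp_block_rules() {
    mac=$(normalize_mac "$1") || { echo "invalid MAC: $1" >&2; return 1; }

    # The low bit of the first octet marks a broadcast/multicast (group)
    # address. A single peer always has a unicast MAC, so a group address
    # here is almost certainly a typo and would match unintended traffic.
    first=${mac%%:*}
    if [ $(( 0x$first & 1 )) -eq 1 ]; then
        echo "refusing group address: $mac" >&2
        return 2
    fi

    printf 'arptables -A INPUT --src-mac %s --opcode 1 -j DROP\n' "$mac"
    printf 'arptables -A OUTPUT --dst-mac %s --opcode 1 -j DROP\n' "$mac"
}

# Constructed sample call (prints the commands, changes nothing):
#   arp_block_rules 00:1A:2B:3C:4D:5E
```

Review the printed commands, then run them as root to load the rules.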