Hello Boryan, Thanks for you help Boryan. Please see http://www.netservers.co.uk/gpl/ this patch IPtables MAC/IP pair match This patch to help prevent users from: - users have not changed their IP address to conflict with or spoof others users - Users have not changed their MAC address (e.g. new network cards MAC spoofing or NAT) Friday, January 27, 2006, 9:17:48 PM, you wrote: > Iwan Fauzie wrote: >> Hello, >> >> I would like to patch mac/ip pair match, how to do that? any body help me >> > If you want to match IP against MAC address, then check the iptables's > _mac_ match: > # iptables -m mac -help > Example: rule for forwarding packets matching certain IP/MAC pair is: > # iptables -A FORWARD -s <IP _address> -m -mac --mac-source <MAC address>> -j ACCEPT > ... but if you want to "patch a match", then you need to specify a bit > more detailed what are you trying to do. > The _mac_ match exist into the default iptables source (./extensions) > e.g. you don't need to patch anything. Just install iptables and enable > the match inside your kernel's .config file (CONFIG_IP_NF_MATCH_MAC=y) > and finally recompile (and install) the new kernel. -- Best regards, Iwan mailto:iwan@xxxxxxxxxxxxx
