On Monday 13 March 2006 at 16:23 +0200, Steve Comfort wrote:
> I have been trying to get MAC address filtering to work on our wireless
> card - so far without success :

You should describe the problem. What's not working? Everything goes
through? Nothing goes through?

> for M in $(cat /etc/mac.allow) ; do
>     $IPT -A INPUT -i $WIFI_IF -m mac --mac-source ! $M -j DROP
> done

Probable typo here. Do you mean /etc/mac.deny?

Another hint that comes to mind. Do you really want to filter traffic
destined to this particular box, which is what you do using INPUT chain?
If you want to filter traffic going through the box, you have to use
FORWARD chain.

> Is it in fact possible to filter on MAC addresses over a WiFi interface,
> or am I doing something stupid?

Yes it is possible, but you have to consider the fact that MAC filtering
is a very limited feature on a WiFi network. MAC spoofing is very easy
(ifconfig $WIFI_IF hw ether $NEW_MAC) on most drivers and does not cause
any problem or conflict as long as you don't use the IP the guy you're
spoofing does. Thus, your MAC filter can be bypassed very easily...

-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
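
Added example, not part of the original message: in the quoted loop each `! $M -j DROP` rule drops every address other than `$M`, so with two or more entries nothing passes. The sketch below instead tests every listed address first and ends with a single DROP, hooked into both INPUT and FORWARD. The chain name MACFILTER, the interface wlan0 and the sample addresses are assumptions, and the script only prints the commands.

```shell
#!/bin/sh
# Added example: emit iptables commands for a MAC allowlist on one interface.
# Chain name, interface and sample addresses below are assumptions.

# gen_mac_rules FILE IFACE CHAIN
# Prints the rule set; nothing is applied unless the output is run as root.
gen_mac_rules() {
    file=$1
    iface=$2
    chain=$3
    echo "iptables -N $chain"
    # Skip comments and blank lines, normalise case, reject malformed entries.
    while read -r mac rest; do
        case $mac in ''|'#'*) continue ;; esac
        mac=$(printf '%s' "$mac" | tr 'a-f' 'A-F')
        if printf '%s\n' "$mac" | grep -Eq '^([0-9A-F]{2}:){5}[0-9A-F]{2}$'; then
            # A listed address leaves this chain and continues through the
            # remaining INPUT/FORWARD rules (RETURN, not a blanket ACCEPT).
            echo "iptables -A $chain -m mac --mac-source $mac -j RETURN"
        else
            echo "skipping invalid entry: $mac" >&2
        fi
    done < "$file"
    # Only after every allowed address has been tested: drop the rest.
    echo "iptables -A $chain -j DROP"
    # INPUT covers traffic to the box, FORWARD covers traffic through it.
    echo "iptables -I INPUT -i $iface -j $chain"
    echo "iptables -I FORWARD -i $iface -j $chain"
}

# Constructed sample allowlist (addresses are made up).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# laptops
00:11:22:33:44:55
aa:bb:cc:dd:ee:ff  steve
not-a-mac
EOF
gen_mac_rules "$sample" wlan0 MACFILTER
rm -f "$sample"
```

As the reply points out, the source MAC is set by the client, so this limits casual use only and is not authentication.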