-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wakko Warner : > Keep me in CC. > > I'd like to request that the mac match not be allowed in the FORWARD chain > as it does not function the way that some may think. > > The tests I've performed indicate that the match will match the MAC address > of the transmitting interface (not what one would expect if attempting to > allow based on the mac address of the sender and blocking all other packets) > > I'd like to hear comments about this. If it is not fesable to do this, I'd > recommend adding text to the man page so that others do not fall into the > same problem I did. > > I have already worked around this problem in my setup. MAC address is some concept in the link layer , so how do you get the packet sender mac if the packet is routed to your box through some other routers ? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFPB8L7tZp58UCwyMRAthwAKDXi4s4YznMzB58lEAYcn/QD5cHrACgo6/I KvAaZB7hBiqKaJt7AE4duxs= =znkf -----END PGP SIGNATURE-----
