On 15.01.2010 21:44, Daniel Drake wrote: > I'm interested in setting up iptables filtering rules based on the OUI > (i.e. first 3 bytes) of the source MAC address. Is this possible? > > I see that there is a "mac" match extension but it only seems to > operate with full 6-byte addresses. I also looked at the u32 extension > but that only seems to operate on the TCP header, not on the ethernet > header. > > Any ideas/suggestions? ebtables(8) is usually the better tool to use for dealing with ethernet frames. Check if its --source and among matches fits. -- Eray -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
