Rob, do you know the actual status of the ipset "mac only" module? Someone has told me that it is being developed...

I tried to make this work with the mac_ip module, using "0.0.0.0/0" to match the mac address with any ip, but it didn't work...

--
Att...
Ricardo Felipe Klein
klein.rfk@xxxxxxxxx

On Fri, Jun 28, 2013 at 8:19 PM, /dev/rob0 <rob0@xxxxxxxxx> wrote:
> On Fri, Jun 28, 2013 at 11:01:10AM -0400, Nick Khamis wrote:
>> Is it possible to have a MySQL backed IPTables?
>
> No, network packets need to be handled in real time. Your SQL query
> would take too long.
>
>> What we are trying to accomplish is having our clients supply us
>> with a mac address (or ip), and we would let them through our core
>> network. This would be done automatically on our website i.e.:
>>
>> * User logs into the website, and provides mac address
>> * We insert the record in the database as an allow rule...
>
> Sounds like a job for ipset(8).
>
>> * Restart iptables?
>
> Restart? What does that mean? iptables is not a daemon.
> --
> http://rob0.nodns4.us/ -- system administration and consulting
> Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
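
An added example, not part of the thread: one way a web backend could turn client-submitted addresses into input for `ipset -exist restore`, so the allow list changes without touching the iptables rules. The set names are hypothetical, and the MAC set assumes an ipset release that ships the hash:mac type.

```python
import ipaddress
import re

# Hypothetical set names; the iptables rules are loaded once and never change:
#   iptables -A FORWARD -m set --match-set clients_ip src -j ACCEPT
#   iptables -A FORWARD -m set --match-set clients_mac src -j ACCEPT
IP_SET, MAC_SET = "clients_ip", "clients_mac"
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")


def classify(value):
    """Return ("ip" | "mac", canonical_text) or raise ValueError."""
    value = value.strip()
    if MAC_RE.fullmatch(value):
        return "mac", value.upper()
    # ipaddress accepts only a plain IPv4 address, so extra words,
    # newlines or ipset options in the form field are rejected here.
    return "ip", str(ipaddress.IPv4Address(value))


def build_restore(submitted):
    """Build text for `ipset -exist restore` from user-submitted strings.

    Returns (restore_text, rejected_values). With -exist, re-creating an
    existing set or re-adding an existing entry is not an error.
    """
    lines = [f"create {IP_SET} hash:ip", f"create {MAC_SET} hash:mac"]
    rejected = []
    for raw in submitted:
        try:
            kind, text = classify(raw)
        except ValueError:
            rejected.append(raw)
            continue
        lines.append(f"add {IP_SET if kind == 'ip' else MAC_SET} {text}")
    return "\n".join(lines) + "\n", rejected


if __name__ == "__main__":
    # Constructed sample input, as it might arrive from the web form.
    sample = ["192.0.2.10", "00:11:22:aa:bb:cc", "10.0.0.1; flush", "aa:bb:cc"]
    text, bad = build_restore(sample)
    print(text, end="")
    print("rejected:", bad)
```

The returned text is meant to be written to the standard input of `ipset -exist restore` by a privileged helper, never interpolated into a shell command line.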