>> The MAC address is only used on local links. The MAC address of a packet
>> arriving at your firewall or perimeter router is that of the router at the
>> other (ISP) end of your link.

Our client application adds a P-Assertion to the SIP message indicating the MAC of the requesting client. Now, I am not sure how we can tie that into "--src" of IPTables. As you rightfully pointed out, the source of the arriving packet will be irrelevant. Thanks for pointing that out.

We can always manage this on our SIP servers, maybe that's the better place for it? If possible it would be nice to keep firewalling to IPTables...

>> Does SIP handle roaming? If so, you'd almost need a SIP helper to track and
>> update the client's IP.

We handle roaming logic using our proxies.

Kind Regards,
N.