iptables allow remote connection by MAC?


I have a web server using RH 9, hosting nine or ten sites. I run most of the sites from here and have a firewall rule to allow my connections. (I'm using iptables and writing my rules, mostly, from O'Reilly's "Linux Security Cookbook.") However, we also have a freelance developer who works on a few sites, and he needs access to the server as well.

He's on a cable modem connection with an IP address assigned via DHCP; it's theoretically random but (as you all know) in actual fact he tends to hold a single IP address for months at a time. What I've done so far is write ACCEPT rules for his IP address, and change the rule when his IP changes. That can be a drag.

I know that iptables has the ability to filter by source MAC address, but the documentation I've read so far suggests that it's only useful for machines on the same subnet. Is this a technical limitation of IP filtering, or iptables in particular? Am I right to hope that MAC-address filtering might help me get my developer connected more consistently? What's the syntax I would use? So far, I have tried replacing the existing IP rule, something like this:

iptables -R INPUT 3 -m mac --mac-source 00:11:22:33:44:55 -p tcp -m tcp --dport 22 -j ACCEPT

(obviously, I've fudged the MAC.) I get:

iptables: No chain/target/match by that name

Where am I off?

Thanks,

pjm


-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
