[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] MAC address filtering ?
You can do such ACL on a cisco router. FW-1 sits on top of the datalink (DL) layer, which means it doesn't look at Layer 2 information (MAC & LLC). If the kernel DL drivers support MAC based ACLs then you might be able to do this, however I don't recollect the linux kernel supporting this functionality. /etc/ethers is used for reverse arps. George > -----Original Message----- > From: LEFEVRE David [SMTP:[email protected]] > Sent: Monday, April 23, 2001 7:51 AM > To: fw1 > Subject: [FW1] MAC address filtering ? > > Does anyone know if it is possible to filter incoming packets on the mac > address instead of IP address ? > > I'd like to allow access only to some workstations and not to others. > My FW is a linux box with FW-1 v4.1, can I use the /etc/ethers file or > something else to do this ? > > Is it better to do this with linux directly or should I use FW-1 ? > > Thanks in advance. > > -- > David LEFEVRE > CARDIF - Architecture et Securite Operationnelle > [email protected] - Tel : 01 41 42 76 63 > > > _______________________________________________________________ > > Ce message et les pieces jointes, sont strictement confidentiels. Si vous > n'etes pas destinataire de ce message, merci d'en avertir immediatement > l'expediteur et de le detruire.Son integrite ne pouvant etre assuree, son > contenu ne peut engager la responsabilite de son emetteur.Toute > utilisation de ce message non conforme a sa destination, toute diffusion > ou toute publication, totale ou partielle,est interdite, sauf autorisation > expresse. > > _______________________________________________________________ > > > _____________________________________________________________________ IMPORTANT NOTICES: This message is intended only for the addressee. Please notify the sender by e-mail if you are not the intended recipient. If you are not the intended recipient, you may not copy, disclose, or distribute this message or its contents to any other person and any such actions may be unlawful. Banc of America Securities LLC("BAS") does not accept time sensitive, action-oriented messages or transaction orders, including orders to purchase or sell securities, via e-mail. BAS reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the BAS e-mail system. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|