Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] MAC address filtering ?

To: "'LEFEVRE David'" <[email protected]>, fw1 <[email protected]>
Subject: RE: [FW1] MAC address filtering ?
From: "Juppunov, George" <[email protected]>
Date: Mon, 23 Apr 2001 13:55:23 -0700
Sender: [email protected]

You can do such ACL on a cisco router. FW-1 sits on top of the datalink (DL)
layer,
which means it doesn't look at Layer 2 information (MAC & LLC).

If the kernel DL drivers support MAC based ACLs then you might be able to do
this,
however I don't recollect the linux kernel supporting this functionality.

/etc/ethers is used for reverse arps.

George

> -----Original Message-----
> From:	LEFEVRE David [SMTP:[email protected]]
> Sent:	Monday, April 23, 2001 7:51 AM
> To:	fw1
> Subject:	[FW1] MAC address filtering ?
> 
> Does anyone know if it is possible to filter incoming packets on the mac 
> address instead of IP address ? 
> 
> I'd like to allow access only to some workstations and not to others. 
> My FW is a linux box with FW-1 v4.1, can I use the /etc/ethers file or 
> something else to do this ? 
> 
> Is it better to do this with linux directly or should I use FW-1 ? 
> 
> Thanks in advance. 
> 
> -- 
> David LEFEVRE 
> CARDIF - Architecture et Securite Operationnelle 
> [email protected] - Tel : 01 41 42 76 63 
> 
> 
> _______________________________________________________________ 
> 
> Ce message et les pieces jointes, sont strictement confidentiels. Si vous
> n'etes pas destinataire de ce message, merci d'en avertir immediatement
> l'expediteur et de le detruire.Son integrite ne pouvant etre assuree, son
> contenu ne peut engager la responsabilite de son emetteur.Toute
> utilisation de ce message non conforme a sa destination, toute diffusion
> ou toute publication, totale ou partielle,est interdite, sauf autorisation
> expresse.
> 
> _______________________________________________________________ 
> 
> 
> 
_____________________________________________________________________ 
IMPORTANT NOTICES: 
          This message is intended only for the addressee. Please notify the
sender by e-mail if you are not the intended recipient. If you are not the
intended recipient, you may not copy, disclose, or distribute this message
or its contents to any other person and any such actions may be unlawful.

         Banc of America Securities LLC("BAS") does not accept time
sensitive, action-oriented messages or transaction orders, including orders
to purchase or sell securities, via e-mail.

         BAS reserves the right to monitor and review the content of all
messages sent to or from this e-mail address. Messages sent to or from this
e-mail address may be stored on the BAS e-mail system.




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] VPN and NAT
Next by Date: [FW1] VPN products compatible with Firewall-1
Previous by thread: Re: [FW1] MAC address filtering ?
Next by thread: Re: [FW1] problems with uploading policies in distributed firewall set up - Gabriel
Index(es):
- Date
- Thread