[Comm] ipchains + MAC filtering
Gennadiy Redko
uit1 at zaz.zp.ua
Thu Jul 22 13:21:13 MSD 2004
Alexey S. Kuznetsov wrote:
>
> well, I understand... it tracks..... is there an equivalent, if there is no iptables,
> to a command like this:
> iptables -I input -s 192.168.5.117 -d 192.168.5.1 -m mac --mac-source 00:0a:00:00:00:01 -j ACCEPT
>
>
You can set the MAC-to-IP mapping manually:
man arp
/skip
-s hostname hw_addr, --set hostname
    Manually create an ARP address mapping entry for host hostname
    with hardware address set to hw_addr class, but for most classes
    one can assume that the usual presentation can be used. For the
    Ethernet class, this is 6 bytes in hexadecimal, separated by
    colons. When adding proxy arp entries (that is those with the
    publish flag set a netmask may be specified to proxy arp for
    entire subnets. This is not good practice, but is supported by
    older kernels because it can be useful. If the temp flag is not
    supplied entries will be permanent stored into the ARP cache.

    NOTE: As of kernel 2.2.0 it is no longer possible to set an ARP
    entry for an entire subnet. Linux instead does automagic proxy
    arp when a route exists and it is forwarding. See arp(7) for
    details.
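
Added example, not part of the original message: a dry-run helper that turns an "IP MAC" table into the `arp -s` commands described in the man page excerpt above, rejecting malformed entries before they reach the ARP cache. The function names and the sample table are assumptions (only the first pair comes from the thread). Note that a static entry pins the MAC that replies to that IP are sent to; unlike `-m mac --mac-source`, it does not inspect the source MAC of incoming frames.

```shell
#!/bin/sh
# Added example: build `arp -s` commands from an "IP MAC" table.
# Prints the commands only (dry run); pipe the output to `sh` as root to apply.

is_mac() {   # six colon-separated hex octets (Ethernet class)
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

is_ipv4() {  # dotted quad with every octet in 0..255
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

static_arp_cmds() {  # stdin: "IP MAC" per line; stdout: arp -s commands
    while read -r ip mac rest; do
        case "$ip" in ''|'#'*) continue ;; esac   # blank lines, comments
        if is_ipv4 "$ip" && is_mac "$mac" && [ -z "$rest" ]; then
            printf 'arp -s %s %s\n' "$ip" "$mac"
        else
            printf 'skipped: %s %s\n' "$ip" "$mac" >&2
        fi
    done
}

sample_table() {  # constructed input; only the first pair is from the thread
    cat <<'EOF'
# ip            mac
192.168.5.117   00:0a:00:00:00:01
192.168.5.118   00:0a:00:00:00:0g
192.168.5.300   00:0a:00:00:00:02
EOF
}

sample_table | static_arp_cmds
```

Entries created this way are permanent in the ARP cache only until reboot, so the generated commands belong in a boot script.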