Re: [Comm] ipchains + фильтрация по макам

ALT Linux Community general discussions
 help / color / mirror / Atom feed

From: Gennadiy Redko <uit1@zaz.zp.ua>
To: community@altlinux.ru
Subject: Re: [Comm] ipchains + фильтрация по макам
Date: Thu, 22 Jul 2004 12:21:13 +0300
Message-ID: <40FF8709.9000801@zaz.zp.ua> (raw)
In-Reply-To: <782338533.20040722114217@vostok.net.ua>

Alexey S. Kuznetsov пишет:

> 
> ну я понимаю...она отслеживает.....есть ли аналог, если нет iptables
> такой кооманде:
> iptables -I input -s 192.168.5.117 -d 192.168.5.1 -m mac --mac-source 00:0a:00:00:00:01 -j ACCEPT
> 
> 
Можно вручную задать соответствие MAC и IP:
man arp
/skip
  -s hostname hw_addr, --set hostname
               Manually create an ARP address mapping entry for  host 
hostname
               with hardware address set to hw_addr class, but for most 
classes
               one can assume that the usual presentation can be used. 
For the
               Ethernet  class,  this  is  6 bytes in hexadecimal, 
separated by
               colons. When adding proxy arp entries (that is  those 
with  the
               publish  flag  set  a  netmask may be specified to proxy 
arp for
               entire subnets. This is not good practice, but is 
supported  by
               older  kernels because it can be useful. If the temp flag 
is not
               supplied entries will be permanent stored into the ARP cache.
               NOTE: As of kernel 2.2.0 it is no longer possible to set 
an  ARP
               entry  for  an entire subnet. Linux instead does 
automagic proxy
               arp when a route exists and it is  forwarding.  See 
arp(7)  for
               details.

next prev parent reply	other threads:[~2004-07-22  9:21 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-07-22  8:19 Alexey S. Kuznetsov
2004-07-22  8:25 ` Gennadiy Redko
2004-07-22  8:25 ` Mike Lykov
2004-07-22  8:42   ` Re[2]: " Alexey S. Kuznetsov
2004-07-22  9:21     ` Gennadiy Redko [this message]
2004-07-22  9:33 ` Eugene Prokopiev

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=40FF8709.9000801@zaz.zp.ua \
    --to=uit1@zaz.zp.ua \
    --cc=community@altlinux.ru \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

ALT Linux Community general discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 community community/ http://lore.altlinux.org/community \
		mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com
	public-inbox-index community

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.community


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git