[Shorewall-users] allowonly list for MAC-addresses

Magnus Stenman stone@hkust.se
Thu, 25 Apr 2002 02:14:38 +0200


What would be the best (and most efficient) way of *only* allowing
certain MAC addresses in packets arriving to an interface?

"blacklist" and "common" don't seem to be the right place...

something like a dead-end chain passed before everything else, which
certain MAC adresses will bypass.



I'm thinking of grepping out all the "registered" MAC addresses
from my DHCP config automatically, to make wlan and empty ethernet
socket hi-jacking a bit trickier.


It won't stop a determined leecher, but filters out 99%+ of
the normal attempts


/magnus