iptables mac based filtering

Suppose I want to block a Host A which doesnot belong to my subnet and
can change his IP/DNS.

Now I consider blocking host A by its mac address, assuming he doesnot
change his mac address too..

Question is ... that on my subnet, any request coming from host A
would have the mac address of the router connecting my subnet to that
host and not of host A.
So how does mac filter of Iptables would filter out packets coming
from host A based on mac address. Second, How do I determine the mac
address of host A.

RJ41 <(E-Mail Removed)> wrote:
....
> from host A based on mac address. Second, How do I determine the mac
> address of host A.

You don't, mac addresses don't transverse subnets, unless using
proxyarp or alike.

--
Michael Heiming

Remove +SIGNS and www. if you expect an answer, sorry for
inconvenience, but I get tons of SPAM

Michael Heiming <michael+(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
> RJ41 <(E-Mail Removed)> wrote:
> ...
> > from host A based on mac address. Second, How do I determine the mac
> > address of host A.
>
> You don't, mac addresses don't transverse subnets, unless using
> proxyarp or alike.

So that means mac based filtering is applicable only hosts belonging
to the same subnet. proxyarp???

RJ41 <(E-Mail Removed)> wrote:
> Michael Heiming <michael+(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
> > RJ41 <(E-Mail Removed)> wrote:
> > ...
> > > from host A based on mac address. Second, How do I determine the mac
> > > address of host A.
> >
> > You don't, mac addresses don't transverse subnets, unless using
> > proxyarp or alike.

> So that means mac based filtering is applicable only hosts belonging
> to the same subnet. proxyarp???

Yep, unsure if proxyarp is really what you want, try a google search about
"proxyarp".

--
Michael Heiming

Remove +SIGNS and www. if you expect an answer, sorry for
inconvenience, but I get tons of SPAM