using mac address instead of an IP address of hostname

Hi,

Can one make rules in iptables to allow outgoing connections based only
on destination mac addresses? I looked at the man page of iptables and
looks like that it can be used for incoming packets in some chains only.

thanks,
->HS

On 2007-11-21, H.S. <(E-Mail Removed)> wrote:
>
>
>
> Hi,
>
> Can one make rules in iptables to allow outgoing connections based only
> on destination mac addresses? I looked at the man page of iptables and
> looks like that it can be used for incoming packets in some chains only.
>
Mac addresses exist only on local networks. They aren't transmitted
over the internet.

Bill Marcum wrote:
> On 2007-11-21, H.S. <(E-Mail Removed)> wrote:
>>
>>
>> Hi,
>>
>> Can one make rules in iptables to allow outgoing connections based only
>> on destination mac addresses? I looked at the man page of iptables and
>> looks like that it can be used for incoming packets in some chains only.
>>
> Mac addresses exist only on local networks. They aren't transmitted
> over the internet.

Yes, I was thinking the same thing after reading up on the material in
the last hour or so. Many thanks for the confirmation.

regards,
->HS

Hello,

Bill Marcum a écrit :
> On 2007-11-21, H.S. <(E-Mail Removed)> wrote:
>
>>Can one make rules in iptables to allow outgoing connections based only
>>on destination mac addresses?
>
> Mac addresses exist only on local networks. They aren't transmitted
> over the internet.

Besides, at the time an outgoing packet traverses iptables chains the
destination MAC address is not known yet (except when the chain in
called from the bridging firewall framework bridge-nf). However if the
output interface is a bridge, ebtables can be used to do filtering based
on the MAC addresses.