[mac filter with tap tunnel]
Benoit noteris
bnoteris at odbee.com
Fri Jul 24 11:55:09 UTC 2009
Hy list,
I'm testing the new release coova-chilli-1.0.14, I still trying to lock mac
addressee for fixed ip addresses iv'e tested arptable and ebtable and
iptables filter
Here are filter I tried.
--------------------------------------------------
root at portailtst:~# arptables -L
Chain INPUT (policy ACCEPT)
-j DROP --src-mac 00:40:63:d8:42:70
Chain OUTPUT (policy ACCEPT)
Chain FORWARD (policy ACCEPT)
root at portailtst:~# ebtables -L
Bridge table: filter
Bridge chain: INPUT, entries: 1, policy: ACCEPT
-s 0:40:63:d8:42:70 -j DROP
Bridge chain: FORWARD, entries: 0, policy: ACCEPT
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
---------------------------------------
The client is authentificated in the chilli without problem and not blocked
at all ..
root at portailtst:~# arp -a
? (172.1.2.3) at 00:40:63:D8:42:70 [ether] PERM on tap0
With the arp -a we can see it now and tap tunnel working very well in this
version.
So I realy don't understand why my filter does'nt work properly.
If anyone had an idea, I'm wide open.
Chears.
Benoit noteris
More information about the Chilli
mailing list