[mac filter with tap tunnel]
Benoit noteris
bnoteris at odbee.com
Fri Jul 24 12:57:07 UTC 2009
It works i've talk to fast :)
The blocked mac addresse owner can't log but he is still able to get the
coova.jpg in browser that strange but he can't go after that what I'm
looking for.
chears
-----Message d'origine-----
De : Benoit noteris [mailto:bnoteris at odbee.com]
Envoyé : vendredi 24 juillet 2009 13:55
À : chilli at coova.org
Objet : [mac filter with tap tunnel]
Hy list,
I'm testing the new release coova-chilli-1.0.14, I still trying to lock mac
addressee for fixed ip addresses iv'e tested arptable and ebtable and
iptables filter
Here are filter I tried.
--------------------------------------------------
root at portailtst:~# arptables -L
Chain INPUT (policy ACCEPT)
-j DROP --src-mac 00:40:63:d8:42:70
Chain OUTPUT (policy ACCEPT)
Chain FORWARD (policy ACCEPT)
root at portailtst:~# ebtables -L
Bridge table: filter
Bridge chain: INPUT, entries: 1, policy: ACCEPT
-s 0:40:63:d8:42:70 -j DROP
Bridge chain: FORWARD, entries: 0, policy: ACCEPT
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
---------------------------------------
The client is authentificated in the chilli without problem and not blocked
at all ..
root at portailtst:~# arp -a
? (172.1.2.3) at 00:40:63:D8:42:70 [ether] PERM on tap0
With the arp -a we can see it now and tap tunnel working very well in this
version.
So I realy don't understand why my filter does'nt work properly.
If anyone had an idea, I'm wide open.
Chears.
Benoit noteris
---------------------------------------------------------------------
To unsubscribe, e-mail: chilli-unsubscribe at coova.org
For additional commands, e-mail: chilli-help at coova.org
Wiki: http://coova.org/wiki/index.php/CoovaChilli
Forum: http://coova.org/phpBB3/viewforum.php?f=4
More information about the Chilli
mailing list