Re: [Shorewall-users] Re: allow ip + mac ?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Paul Gear wrote:
> S t i n g r a y wrote:
>   
>> I know it sounds wieard , but is it possible to have a
>> rule like this ? 
>>
>> i want to allow this mac if its coming from this ip
>> address ?
>>     
>
> It's possible, but it's only useful on the local LAN.  A MAC address is
> a *link-layer* address and doesn't ever get transmitted across the Internet.
>   

    Paul,

    That's not entirely true.

    You could e-mail it to the remote site. That's *mail-layer-auth* for 
all the amateurs... Very advanced.... Just being deployed.... It's RFC 
43561 and 1/3 (b). The old RFC 43561 and 1/3 (a) protocol was pretty 
nice too. If you had the specified pen and paper, you could be totally 
without data-link, and you could still send a MAC address- though it did 
take 3 to 5 days.

    (I know- I need to cut down on the coffee...I hope no one is humor 
impaired)

    Michael :P