|
||||||||
Yeah, Arp firewalling would be great. I tried iptables -A INPUT -m mac --mac-source 00:40:f4:11:71:b6 -j DROP on iptables internal machine. It too was unsuccessful. I like a default deny firewall. Just downloaded this today to give a run. It would be nice to block arp/mac/ip as well. On Monday 10 May 2004 12:54 pm, Eric Shorkey wrote: > ARP firewalling support would be great too. Not a big deal when m0n0wall is > in router mode, since ARP is too low in the OSI model, but in bridging mode > it would be useful. > > ----- Original Message ----- > From: "rjspence" <rjspence at tampabay dot rr dot com> > To: <m0n0wall at lists dot m0n0 dot ch> > Sent: Monday, May 10, 2004 12:50 PM > Subject: [m0n0wall] Non-IP blocking? > > > I did a new cdrom install and ran Iptraf on an internal slack machine. > > Immediatly I noticed incoming NON-IP packets coming from this mac address > > eth.src == 00:40:f4:11:71:b6 . This was confirmed by ethereal. Does > > monowall > > > block mac's or non-ip? I've taken alook at all my mac addresses and the > > above > > > mac is not within my network configuration. > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch > > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch > > --------------------------------------------------------------------- > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch |