Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
i am trying to configure suse linux 10.0 in my home as a firewall ,and i am having netgear router. i am having 2 netwok cards. and i gave 2 ipaddress for each . and my problem is i want to do mac address authentication for hosts . can i do it.
I think he means 'can I only allow hosts with known MAC adresses', which isn't really MAC Address authentication, but can be done. (Quite easily, but a bit painfully if your list of allowed MAC addresses keeps changing.)
The trouble is he is probably using SuSE firewall 2 and that, or more exactly YAST's configuration of that, probably doesn't easily allow this (could be wrong here...I've never thought of trying anything this hard core with it).
So, if that is what you want (whitelisting of MAC Addresses), it seems to me that you have some alternatives:
i) hack the underlying scripts and hope YAST doesn't 'notice'. My guess is that YAST will notice and replace your hacked version with its 'clean' version. The extremist will then get his or her own back on YAST by using iptable-save and iptables-restore from a script that executes on boot _after_ YAST has done its business... Fun, but ugly.
ii) Ignore YAST, and go direct to the metal with Iptables. After all, YAST and the SuSE scripts are only trying to make things easier for you (and failing in this case). You could even let Yast run once, capture its iptables set-up with iptables-save, disable the SuSE firewall and hack what you've got from yast, running iptables-restore on every boot.
iii) Find some other firewall config tool that is more co-operative. Given that most of them are targetted at being 'easy config tools for iptables' whether you'll find one that is 'hard' enough to do this is unknown to me, but if you think that its worth it, don't let me put you off.
So, I think the answer is 'Yes, you can' or at least 'Yes, someone could', but whether, and maybe why, you want to is a mystery to me.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.