|Prev||Filtering and Manipulation of Packets||Next|
iptables -A INPUT --match mac --mac-source 12:E4:86:FA:5C:54 -j ACCEPT
Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX. Note that this only makes sense for packets coming from an Ethernet device and entering the PREROUTING, FORWARD or INPUT chains.
This options is very useful for protection against man-in-the-middle attacks, because it is possible to combine it with the --source option and so protection against arp-spoofing may be provided.
|Incoming and Outgoing Interface||Up||Limit matches|