Re: Filtering pppoed frames


Marius Nicolae wrote:

If you can't identify from the frame alone and need state from the pppoe
server or some statistics then it's going to be trickier.
Yes, it is possible to identify the frames alone from macs and ethernet
protocol only, in a stateless manner, but only the
"noisy" macs must be rejected. As a very simplistic description, the pppoed protocol is
used to create and terminate pppoe sessions (frames with 0x8864
ethernet protocol) which encapsulate IP frames by signing and even
encrypting them. Thus it is very important to let the good and legitimate
macs send/receive such frames in order to create/terminate pppoe

The only tc thing I can think of would be to keep a list of bad macs - maybe from a script parsing pppoe server logs or something and then periodically replace a tc filter that matches and drops those macs + protocol 0x8864.
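
A sketch of the approach suggested in the reply above, as an added example that is not part of the original message: it counts MACs in a server log and emits the tc commands that replace the drop list. The log format, the threshold, the `eth0` device, the function names and the use of the flower classifier's `src_mac` match are assumptions; the reply names no classifier.

```python
import re
from collections import Counter

# Only strings of this exact shape ever reach a tc command line, so text an
# attacker gets written into the log cannot inject shell syntax.
MAC_RE = re.compile(r"\b(?:[0-9a-f]{2}:){5}[0-9a-f]{2}\b", re.I)

# Constructed sample; the log format of a real pppoe server is an assumption.
SAMPLE_LOG = """\
Jan 10 03:00:01 bras pppoe-server[812]: discovery timeout for AA:BB:CC:00:00:01
Jan 10 03:00:02 bras pppoe-server[812]: discovery timeout for aa:bb:cc:00:00:01
Jan 10 03:00:02 bras pppoe-server[812]: session 7 opened by aa:bb:cc:00:00:02
Jan 10 03:00:03 bras pppoe-server[812]: discovery timeout for aa:bb:cc:00:00:01
"""


def noisy_macs(log_text, threshold):
    """Return the MACs named on at least `threshold` log lines, sorted."""
    counts = Counter()
    for line in log_text.splitlines():
        # Count a MAC once per line and fold case so variants merge.
        counts.update({m.lower() for m in MAC_RE.findall(line)})
    return sorted(mac for mac, n in counts.items() if n >= threshold)


def tc_commands(macs, dev="eth0", ethertype="0x8864", prio=10):
    """Build the shell lines that replace the drop list on the ingress hook.

    ethertype defaults to the value in the reply; PPPoE discovery frames
    themselves carry 0x8863, so pass that to filter discovery traffic.
    """
    cmds = [
        # Make sure the ingress qdisc exists, then clear the previous list.
        f"tc qdisc add dev {dev} ingress 2>/dev/null || true",
        f"tc filter del dev {dev} parent ffff: prio {prio} 2>/dev/null || true",
    ]
    for mac in macs:
        if not MAC_RE.fullmatch(mac):
            raise ValueError(f"not a MAC address: {mac!r}")
        cmds.append(
            f"tc filter add dev {dev} parent ffff: protocol {ethertype} "
            f"prio {prio} flower src_mac {mac} action drop"
        )
    return cmds


if __name__ == "__main__":
    print("\n".join(tc_commands(noisy_macs(SAMPLE_LOG, threshold=3))))
```

Run periodically, the printed lines can be piped to `sh`. The delete-then-add sequence leaves a brief window with no filters installed, so the list fails open during the swap.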