Re: Filtering pppoed frames
Marius Nicolae wrote:
If you can't identify from the frame alone and need state from the pppoe server or some statistics then it's going to be trickier.

Yes, it is possible to identify the frames alone from MACs and ethernet protocol only, in a stateless manner, but only the "noisy" MACs must be rejected. As a very simplistic description, the pppoed protocol is used to create and terminate pppoe sessions (frames with 0x8864 ethernet protocol), which encapsulate IP frames by signing and even encrypting them. Thus it is very important to let the good and legitimate MACs send/receive such frames in order to create/terminate pppoe sessions.
The only tc thing I can think of would be to keep a list of bad macs - maybe from a script parsing pppoe server logs or something and then periodically replace a tc filter that matches and drops those macs + protocol 0x8864.
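The log-driven block list suggested in the reply above, sketched as an added example (not code from the thread): it counts requests per source MAC in a log excerpt and builds the `tc` commands that replace the drop filters. The log line format, the function names, the threshold, the choice of the flower classifier and an existing `clsact` qdisc on the device are all assumptions.

```python
import re
import shlex
from collections import Counter

# Constructed sample log lines; the format is hypothetical, adapt MAC_RE
# to whatever your PPPoE server actually writes.
SAMPLE_LOG = """\
Jan 10 12:00:01 bras pppoe-server[811]: PADI from 00:11:22:33:44:55
Jan 10 12:00:01 bras pppoe-server[811]: PADI from 00:11:22:33:44:55
Jan 10 12:00:02 bras pppoe-server[811]: PADI from 00:11:22:33:44:55
Jan 10 12:00:02 bras pppoe-server[811]: PADI from 66:77:88:99:aa:bb
Jan 10 12:00:03 bras pppoe-server[811]: PADI from 00:11:22:33:44:55; tc qdisc del
"""

# Log content is influenced by whoever sends the frames, so extract only a
# strictly formatted MAC and never pass raw log text to a shell.
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
MAC_RE = re.compile(rf"PADI from ({MAC})\b", re.I)

def noisy_macs(log_text, threshold):
    """Return the MACs that appear in more than `threshold` request lines."""
    counts = Counter(m.group(1).lower() for m in MAC_RE.finditer(log_text))
    return sorted(mac for mac, n in counts.items() if n > threshold)

def tc_commands(dev, macs, ethertype=0x8864, prio=10):
    """Build argv lists that replace the drop filters at `prio` on ingress.

    The default ethertype is the value given in the post. RFC 2516 assigns
    0x8863 to the discovery stage and 0x8864 to the session stage, so pass
    the one that carries the frames you want to drop.
    """
    proto = f"0x{ethertype:04x}"
    # Drop the previous generation of filters; on the very first run this
    # command fails because nothing exists yet, so the caller should tolerate it.
    cmds = [["tc", "filter", "del", "dev", dev, "ingress", "prio", str(prio)]]
    for mac in macs:
        if not re.fullmatch(MAC, mac, re.I):
            raise ValueError(f"not a MAC address: {mac!r}")
        cmds.append(["tc", "filter", "add", "dev", dev, "ingress",
                     "protocol", proto, "prio", str(prio),
                     "flower", "src_mac", mac, "action", "drop"])
    return cmds

if __name__ == "__main__":
    # Print for review; run each argv with subprocess.run(cmd) as root to apply.
    for cmd in tc_commands("eth0", noisy_macs(SAMPLE_LOG, threshold=3)):
        print(shlex.join(cmd))
```

Run it from cron or a timer over the most recent log window, so that a MAC which stops misbehaving drops off the list at the next replacement.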