# hosts.allow ssh based on mac address?

## Godsmacker777

Right now I ssh into a friend's server using key authentication. My IP changes on a daily basis (everyone should curse Verizon - and DSL in general - in their prayers tonight..) so this isn't really working.

We haven't found any helpful info yet, but is it possible to set the hosts.allow/deny based on MAC addresses rather than an IP??

thanks :O)

----------

## ikaro

Using Shorewall it's pretty easy to do that - have you thought about that option?

----------

## Godsmacker777

We have.. and probably will. Though right now we're using ssh until we have Shorewall running. :O)

Any takers?

----------

## rman77

The only easy way that I know of is through Shorewall.... it's about one line of code. I would bite the bullet and install Shorewall instead of looking for another way...

-Rman

----------

## nephros

What's wrong with

```sh
# -m mac loads the MAC match extension that --mac-source belongs to
iptables -A INPUT -p tcp -m mac --mac-source XX:XX:XX:XX:XX:XX --dport 22 -j ACCEPT
```

----------

## think4urs11

*Godsmacker777 wrote:*

> ... is it possible to set the hosts.allow/deny based on mac addresses rather than an ip??

Short answer: in that case - no.

If there is one (or >1, doesn't matter) router between your two machines you'll never see the MAC of the other machine connecting to you. All you see on layer-2 level is the MAC of the gateway (normally your default gateway) through which this connection attempt is coming in.

----------
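The point made in think4urs11's answer above, as an added example that is not part of the original thread: a small check that reads one line in the format printed by iproute2's `ip route get <ip>` and reports whose MAC address a `--mac-source` rule would actually see. The function names and the sample route lines are constructed for illustration, and the check assumes the return path to the client matches the path its packets arrive on.

```shell
#!/bin/sh
# Added example (not from the thread): tell whether a --mac-source rule
# could ever see a given peer's own MAC address.
# Input: one line in the format printed by iproute2's `ip route get <ip>`.

# mac_seen_from ROUTE_LINE prints one of:
#   "peer"          destination is on-link, frames carry the peer's MAC
#   "gateway <ip>"  destination is routed, frames carry the next hop's MAC
#   "none"          destination is this host itself (no Ethernet source)
mac_seen_from() {
    set -f                  # no globbing while the line is word-split
    set -- $1
    set +f
    if [ "${1:-}" = "local" ]; then echo "none"; return 0; fi
    prev=""
    for word in "$@"; do
        # The word after "via" is the next-hop router for this destination.
        if [ "$prev" = "via" ]; then echo "gateway $word"; return 0; fi
        prev=$word
    done
    echo "peer"
}

# Constructed sample lines (private/documentation addresses), not captured output.
SAMPLE_LAN='192.168.1.20 dev eth0 src 192.168.1.10 uid 0'
SAMPLE_WAN='203.0.113.7 via 192.168.1.1 dev eth0 src 192.168.1.10 uid 0'
SAMPLE_SELF='local 192.168.1.10 dev lo src 192.168.1.10 uid 0'

report() {   # report LABEL ROUTE_LINE
    case $(mac_seen_from "$2") in
        peer)     echo "$1: on-link, a MAC match sees the client's own address" ;;
        gateway*) echo "$1: routed, a MAC match only sees the next-hop router" ;;
        none)     echo "$1: local delivery, no Ethernet source MAC" ;;
    esac
}

report "LAN client" "$SAMPLE_LAN"
report "Internet client" "$SAMPLE_WAN"
report "This host" "$SAMPLE_SELF"

# Live check when an address is passed and iproute2 is installed.
if [ $# -gt 0 ] && command -v ip >/dev/null 2>&1; then
    report "$1" "$(ip route get "$1" 2>/dev/null | head -n 1)"
fi
```

Even for an on-link client, the source MAC is a value the client sets itself, so a MAC rule is a filter in front of key authentication rather than a replacement for it.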

## Godsmacker777

Thanks to everyone for your answers :O)

Especially Think4UrS11, for your details.. wasn't sure if the MAC address is something that makes its way through hardware router/firewalls.

Looks like we'll give Shorewall a shot.

----------

