Hi
This is possible with netfilter upstream, as the netfilter devs indicated to me after a quick email, as below.
I guess our integration needs updating to be able to parse this format to work via UCI commands in OpenWrt, as well as an update to netfilter beyond where this patch is applied?
Hi,
This is possible these days:
# nft add rule x y ether saddr aa:bb:cc:00:00:00/24
Do you still want the bugzilla account? That's also possible.
Thanks for reporting.
On Thu, Jul 06, 2023 at 11:47:59AM +0000, Jonathan Brophy wrote:
>
>
> Hi
>
>
>
> My request pertains to using wildcards for MAC addresses so I may filter specific OUI vendors in netfilter; currently it does not allow this.
>
>
> For example, if I wished to block VMware devices on my network, I could block the OUI vendor wildcards listed below:
>
>
> 00:1c:14:*:*:*
>
> 00:50:56:*:*:*
>
> 00:0c:29:*:*:*
>
> 00:05:69:*:*:*
>
>
> More vendors can be found here:
>
> https://ouilookup.com/
>
>
>
> If I wished to block Android and Apple devices with random MAC addresses conforming to RFC7042, I would list the wildcards below:
>
>
> *2:*:*:*:*:*
>
> *6:*:*:*:*:*
>
> *a:*:*:*:*:*
>
> *e:*:*:*:*:*
>
>
> More info below:
>
>
> https://www.mist.com/get-to-know-mac-address-randomization-in-2020/
>
> https://datatracker.ietf.org/doc/html/rfc7042#section-2.1
>
>
>
> I’d like to sign up to the netfilter bugzilla to post this feature request.
>
>
> There were patches in the past, as below, to perform these functions, but they never made it into your repo:
>
> https://martin.uy/blog/wildcard-support-for-mac-addresses-in-netfilter-linux-kernel-and-iptables/
>
>
>
>
> Regards,
>
> ############
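
An added example, not part of the thread or of any OpenWrt/netfilter code: a translator from the wildcard notation in the quoted request to nft match expressions, using the `/24` prefix form from the reply where the wildcards are trailing. The bitwise `&` form for the non-prefix patterns is an assumption about nft syntax, and the function names and sample MACs are constructed.

```python
import re

def parse_wildcard_mac(pattern):
    """Return (value, mask) as 48-bit ints for e.g. '00:50:56:*:*:*' or '*2:*:*:*:*:*'."""
    octets = pattern.lower().split(":")
    if len(octets) != 6:
        raise ValueError(f"expected 6 octets: {pattern!r}")
    value = mask = 0
    for octet in octets:
        octet = "**" if octet == "*" else octet   # a lone '*' wildcards the whole octet
        if not re.fullmatch(r"[0-9a-f*]{2}", octet):
            raise ValueError(f"bad octet {octet!r} in {pattern!r}")
        for nibble in octet:
            value, mask = value << 4, mask << 4
            if nibble != "*":
                value |= int(nibble, 16)
                mask |= 0xF
    return value, mask

def fmt(n):
    """Format a 48-bit int as a colon-separated MAC string."""
    return ":".join(f"{(n >> shift) & 0xFF:02x}" for shift in range(40, -8, -8))

def prefix_len(mask):
    """Prefix length if the mask is contiguous leading ones, else None."""
    ones = bin(mask).count("1")
    return ones if mask == ((1 << ones) - 1) << (48 - ones) else None

def to_nft_match(pattern):
    """Build the match part of an nft rule for one wildcard pattern."""
    value, mask = parse_wildcard_mac(pattern)
    plen = prefix_len(mask)
    if plen is not None:
        return f"ether saddr {fmt(value)}/{plen}"          # form shown in the reply
    return f"ether saddr & {fmt(mask)} == {fmt(value)}"    # assumed bitwise form

def matches(mac, pattern):
    """True if a concrete MAC matches the wildcard pattern."""
    value, mask = parse_wildcard_mac(pattern)
    return int(mac.replace(":", ""), 16) & mask == value

def is_local_unicast(mac):
    """Local bit set, group bit clear: what *2, *6, *a and *e select together."""
    return int(mac.split(":")[0], 16) & 0x03 == 0x02

RANDOM_MAC_PATTERNS = ["*2:*:*:*:*:*", "*6:*:*:*:*:*", "*a:*:*:*:*:*", "*e:*:*:*:*:*"]

if __name__ == "__main__":
    for p in ["00:50:56:*:*:*"] + RANDOM_MAC_PATTERNS:
        print(p, "->", to_nft_match(p))
```

The four randomized-address patterns together reduce to a single two-bit test on the first octet, which is what `is_local_unicast` checks.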