For example, if you want people at your school to have access to your network service, but nobody else, you can whitelist the IP block assigned to your school.īut again, you should only consider this a first step. You'll have a bit more success if you whitelist IP blocks. This won't be foolproof, however, because a) the geolocation lists are never perfectly accurate and perfectly up to date, and b) there are services such as proxies, VPNs and anonymization networks which can hide the actual origin IP of a request. So you could in theory lock out anyone from china by blocking all IPs registered to chinese internet providers, chinese firms etc. There are services that provide geolocation services based on IP addresses usually whole blocks of IP addresses are assigned to specific institutions. What you can do is filter IP addresses by IP address block. I can give my computer the same MAC address yours has, and as long as they're not on the same network segment, everything continues working just fine, except that if there was a way to look at the MAC address of a request in a routed network, I'd now look just like you. As others have already noted, filtering by MAC doesn't work because MAC addresses are not routable, only IP adresses are.įiltering by MAC address wouldn't really work, anyway, because MAC addresses can be easily spoofed (changed).
