Date: Tue, 1 May 2007 10:02:04 +0300
From: Fratiman Vladut <vladone@spaingsm.com>
To: ipfw@freebsd.org
Subject: Re[2]: ipfw with nat - allowing by MAC address
Message-ID: <341379168.20070501100204@spaingsm.com>
In-Reply-To: <200704262206.44161.asstec@matik.com.br>
References: <937e203f0704261554i701849d4j6ecf265490d8252b@mail.gmail.com> <200704262206.44161.asstec@matik.com.br>
Test this:

    $cmd add 190 allow ip from any to any layer2 mac-type arp
    $cmd add 192 skipto 201 MAC any xx:xx:xx:xx:xx:xx in via $pif layer2
    ...
    $cmd add 200 deny MAC any any in recv $pif layer2

This is part of an sh script, where $pif is a variable that represents your private interface (e.g. pif="fxp0") and cmd="/sbin/ipfw -q".

Rule 190 allows ARP broadcast traffic. Without this rule, traffic will be blocked after a few minutes. Rules 192 to 199 (obviously you can use any numbers) contain the MACs that you want to allow. Rule 200 blocks all the rest of the traffic with a wrong MAC.

Be careful if you want to do traffic shaping, because with layer 2 activated, packets are filtered twice, at the IP level and at the MAC level.

My sincere recommendation is to use PPPoE. It is easy to implement with mpd4 and is secure.
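The rule layout described in the message above, written out as a small generator script. This is an added example, not code from the original post or from FreeBSD: the interface name fxp0, the MAC addresses and the CMD/PIF variables are placeholders and assumptions, and CMD defaults to "echo" so that running the script only prints the rules it would load. It also adds the check the post implies but does not spell out: only rule numbers 192 to 199 are available between the ARP rule and the deny rule, so the generator refuses a list of more than eight MACs instead of silently numbering past the deny.

```shell
#!/bin/sh
# Added example in the style of the post above (not the author's script).
# Assumptions: PIF is the private interface, CMD is the ipfw command;
# both default to harmless values so the script can run offline.

pif="${PIF:-fxp0}"                 # private interface (assumed name)
cmd="${CMD:-echo /sbin/ipfw -q}"   # set CMD="/sbin/ipfw -q" to really load rules

# Constructed sample allow list (placeholder MACs, not real hosts).
allowed_macs="00:11:22:33:44:55
00:11:22:33:44:66"

# Print the rule set as the post lays it out:
#   190       allow ARP so neighbour discovery keeps working
#   192..199  one skipto per allowed source MAC, jumping to 201 where the
#             IP-level rules are expected to continue
#   200       deny every other frame coming in on the private interface
# Returns 1 if more than eight MACs are given, because 200 is already taken.
mac_rules() {
    iface="$1"; macs="$2"; n=192
    printf '%s\n' "add 190 allow ip from any to any layer2 mac-type arp"
    for m in $macs; do
        if [ "$n" -ge 200 ]; then
            echo "mac_rules: rule numbers 192-199 exhausted, too many MACs" >&2
            return 1
        fi
        printf '%s\n' "add $n skipto 201 MAC any $m in via $iface layer2"
        n=$((n + 1))
    done
    printf '%s\n' "add 200 deny MAC any any in recv $iface layer2"
}

# Number of rule lines produced: ARP rule + one per MAC + deny rule.
mac_rule_count() {
    mac_rules "$1" "$2" | wc -l | tr -d ' '
}

# Feed each generated rule to $cmd (word splitting of $rule is intended).
load_rules() {
    mac_rules "$pif" "$allowed_macs" | while IFS= read -r rule; do
        $cmd $rule
    done
}

load_rules
```

Layer-2 rules are only consulted when the net.link.ether.ipfw sysctl is set to 1; with it on, frames pass through the firewall twice (once at layer 2, once at layer 3), which is the double-filtering the post warns about, and the `layer2` keyword is what keeps these rules from also matching on the IP pass. A MAC allow list stops only accidental clients, since a source MAC is trivially changed on the sending host, which is why the post's closing advice to authenticate clients with PPPoE is the stronger control.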