From owner-freebsd-questions@FreeBSD.ORG Sat Jun 9 04:23:57 2012
From: Bill Yuan
To: freebsd-questions@freebsd.org
Date: Sat, 9 Jun 2012 12:23:56 +0800
In-Reply-To: <44y5nxy29s.fsf@be-well.ilk.org>
References: <44y5nxy29s.fsf@be-well.ilk.org>
Subject: Re: how to filter network by MAC and IP at the same time

rule like below

#allow the traffic whose source mac belongs to the machine
ipfw add 1 allow all from any to any MAC any
#allow the ...... destination mac is that machine
ipfw add 1 allow all from any to any MAC any
ipfw add 1 deny all from any to any

it is not working, all the traffic will be blocked by the deny!!! how come?

On Sat, Jun 9, 2012 at 4:30 AM, Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> wrote:
> Bill Yuan writes:
>
> > i am using freebsd 9.0 as a firewall and i want to filter the traffic by
> > the mac and the ip at the same time,
> >
> > for example, i only allow my laptop to go through the
> > firewall when it's using IP
> >
> > for how to config the firewall rules?
> >
> > I tried to configure the firewall by the rule below, but it doesn't work
> >
> > ipfw add 1 allow all from to any MAC any
> > ipfw add 1 allow all from any to MAC any
>
> Well, for one thing if I understand your intent, you have the MAC
> addresses in the wrong order. Unless your firewall is acting as a
> bridge, you also need to keep in mind that the MAC addresses are changed
> when passing through, so those rules will only work on one side (i.e.,
> you'll need "in via" type rules).
>
> > but it doesn't work. also found the explanation on google, someone already
> > asked this question before.
>
> I don't understand. Was there a suggested approach or not?
>
> > but I did not find the solution for this requirement. can someone tell me
> > how? thanks in advance.
>
> I can't guarantee this will work, and I don't have any way to test it,
> but my above comments would suggest something more like:
>
> > ipfw add 1 allow all from to any MAC any in via $iif
> > ipfw add 1 allow all from any to MAC any out via $oif
>
> Good luck.
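The following is an added example, not code from either poster, showing one way to turn the "MAC and IP at the same time" requirement into a reviewable ipfw(8) rule set for a FreeBSD router (not a bridge). It applies the two points raised above: ipfw writes the MAC option as `MAC dst-mac src-mac`, destination first, and the MAC header is rewritten when the packet is forwarded, so the MAC check is pinned to the inside interface with `in via`/`out via`. It also uses the `net.link.ether.ipfw` sysctl and the `layer2`, `not` and `mac-type` options from ipfw(8). The MAC address, IP address, interface names and rule numbers are constructed placeholders; `gen_rules` is this example's own helper.

```shell
#!/bin/sh
# Added example (not from the thread): emit an ipfw(8) rule set that lets
# one host through a FreeBSD router only when both its MAC address and its
# IPv4 address match. The MAC, IP, interface names and rule numbers used
# at the bottom are constructed placeholders.

# ipfw spells the MAC option "MAC dst-mac src-mac" (destination first),
# which is the ordering point raised in the thread.
valid_mac() {
    # six colon-separated pairs of hex digits, either case
    printf '%s' "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

valid_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s' "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1    # each octet must be 0..255
    done
}

# gen_rules MAC IPV4 INSIDE_IF OUTSIDE_IF
# Prints the commands instead of running them, so they can be reviewed
# before being fed to sh on the firewall.
gen_rules() {
    mac=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); ip=$2; iif=$3; oif=$4
    valid_mac "$mac"  || { echo "gen_rules: bad MAC $1" >&2; return 1; }
    valid_ipv4 "$ip"  || { echo "gen_rules: bad IPv4 $ip" >&2; return 1; }

    # Ethernet frames are only handed to ipfw when this sysctl is 1. With
    # it set, each packet is checked once at layer 2 (MAC header present)
    # and once at layer 3 (no MAC header); the rules below cover both.
    echo "sysctl net.link.ether.ipfw=1"

    # Layer 2 on the inside interface: the laptop's MAC must sit in the
    # source slot for inbound frames and the destination slot for outbound.
    echo "ipfw add 100 allow ip from $ip to any MAC any $mac layer2 in via $iif"
    echo "ipfw add 110 allow ip from any to $ip MAC $mac any layer2 out via $iif"
    # ARP also passes the layer-2 hook; without this the laptop and the
    # router cannot resolve each other's addresses.
    echo "ipfw add 120 allow all from any to any layer2 mac-type arp via $iif"
    # On the outside interface the MAC addresses belong to the upstream
    # router (they are rewritten on forwarding), so only the IP is checked.
    echo "ipfw add 130 allow ip from $ip to any layer2 out via $oif"
    echo "ipfw add 140 allow ip from any to $ip layer2 in via $oif"
    echo "ipfw add 150 allow all from any to any layer2 mac-type arp via $oif"

    # Layer 3 pass. "not layer2" keeps these rules from admitting a frame
    # whose MAC check already failed above.
    echo "ipfw add 200 allow ip from $ip to any not layer2 in via $iif"
    echo "ipfw add 210 allow ip from $ip to any not layer2 out via $oif"
    echo "ipfw add 220 allow ip from any to $ip not layer2 in via $oif"
    echo "ipfw add 230 allow ip from any to $ip not layer2 out via $iif"

    # Everything else, including the same IP sent from a different MAC.
    echo "ipfw add 65000 deny ip from any to any"
}

# Constructed demo values; replace with the real laptop and interfaces.
gen_rules 00:11:22:33:44:55 192.0.2.10 em0 em1
```

Save the printed commands, read them over, then run them on the firewall with sh. The set covers only forwarded traffic for that one host: the router's own traffic (its sshd, DNS lookups and so on) falls through to the final deny, so management access needs its own rules in front of it.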