From: "Neil Long"
Date: Fri, 28 Feb 2003 19:35:12 +0000
To: freebsd-stable@freebsd.org
Subject: IPFW2 MAC restrictions and packet forwarding

Hi

4.7-Release from CD, kernel rebuilt with IPFIREWALL, IPFW2, IPFILTER (ipfw and libalias built with IPFW2=TRUE).

Does anyone have any example ipfw command sets to show how to limit access on one interface to specific incoming MACs, i.e. I want to allow IPs incoming on ed0 to exit ed1 NATed as the IP on ed1 (ipnat is the easy bit). (ipnat is running and I set sysctl net.inet.ip.forwarding=1 net.link.ether.ipfw=1.)

It works with an open-type ipfw list, but I haven't been able to figure out all the MAC-based rules that are needed as soon as I apply a default deny on ed0.

Are net.link.ether.bridge_ipfw=1 and bridge.ko needed?

I think the problem is my complete lack of understanding as to the layer2 rules (and even "MAC any any layer2"-type invocations are not scoring any hits).

I guess I would just like to hear from someone that such a scenario does work on 4.7 :-)

Thanks
Neil

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dr Neil J Long, Computing Services, University of Oxford
13 Banbury Road, Oxford, OX2 6NN, UK
Tel: +44 1865 273232  Fax: +44 1865 273275
EMail: Neil.Long@computing-services.oxford.ac.uk  PGP: ID 0xE88EF71F
OxCERT: oxcert@ox.ac.uk  PGP: ID 0x9FF898D5
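An added example, not from the original post or any reply to it, of the kind of IPFW2 ruleset the scenario above calls for. It is built on the facts the post already gives (IPFW2 kernel, net.link.ether.ipfw=1, net.inet.ip.forwarding=1, ipnat doing the translation) plus two points about how IPFW2 layer-2 filtering works: with net.link.ether.ipfw=1 every frame passes through ipfw once at layer 2 (inbound in ether_demux, outbound in ether_output_frame) and IP packets pass again at layer 3, so a default-deny kernel needs explicit allows at both passes; and the option is written "MAC <dst> <src>", destination first, which is easy to get backwards. bridge(4) is not involved, so net.link.ether.bridge_ipfw is not needed for routed traffic. The interface names ed0/ed1 come from the post; the MAC addresses and the helper names gen_rules and count_whitelist_rules are constructed for this example. The script prints the rules so they can be reviewed and tested without root, and applies them with ipfw(8) only when run with --apply.

```shell
#!/bin/sh
# Added example (not from the original post): FreeBSD 4.x IPFW2 ruleset that
# lets hosts on the inside interface through only if their SOURCE MAC is on a
# whitelist; accepted traffic is routed out the outside interface, where
# ipnat rewrites the source address.
# Assumes: kernel with IPFIREWALL + IPFW2, and
#   sysctl net.link.ether.ipfw=1 net.inet.ip.forwarding=1
# Interface names are taken from the post; MAC addresses are constructed.

INSIDE=ed0
OUTSIDE=ed1
ALLOWED_MACS="00:11:22:33:44:55 00:11:22:33:44:66"   # constructed placeholders

# Emit the rule list, one ipfw(8) argument line per rule, without applying it.
gen_rules() {
    echo "flush"

    # --- Layer 2 section --------------------------------------------------
    # With net.link.ether.ipfw=1 every frame is evaluated once at layer 2
    # (ether_demux inbound, ether_output_frame outbound) and IP packets are
    # evaluated again at layer 3. The default rule 65535 denies at each pass,
    # so both sections must explicitly allow what should flow.
    #
    # The option is "MAC <dst> <src>": destination first, source second.
    # "any" as destination also admits ARP broadcasts from allowed hosts.
    for mac in $ALLOWED_MACS; do
        echo "add 100 allow all from any to any MAC any $mac in via $INSIDE layer2"
    done
    # Any other frame entering on the inside interface (unknown source MAC,
    # including its ARP) is dropped here, before layer 3 ever sees it.
    echo "add 110 deny all from any to any in via $INSIDE layer2"
    # Remaining layer-2 passes (outbound on both interfaces, inbound on the
    # outside interface) are passed; the IP policy below decides for them.
    echo "add 120 allow all from any to any layer2"

    # --- Layer 3 section --------------------------------------------------
    # Forwarded traffic, already MAC-screened at layer 2. Deliberately
    # permissive so the MAC mechanism is the only thing under test; tighten
    # by protocol and port before production use.
    echo "add 200 allow ip from any to any in via $INSIDE"
    echo "add 210 allow ip from any to any out via $OUTSIDE"
    # Return traffic for the translated sessions, and its delivery inside.
    echo "add 220 allow ip from any to any in via $OUTSIDE"
    echo "add 230 allow ip from any to any out via $INSIDE"
    # Loopback. Traffic to and from the firewall host itself on ed0/ed1 is
    # not covered and needs its own rules.
    echo "add 240 allow ip from any to any via lo0"
    # Everything else falls through to rule 65535 (deny).
}

# Number of per-MAC whitelist rules the generated ruleset contains.
count_whitelist_rules() {
    gen_rules | grep -c "MAC any .* in via $INSIDE layer2"
}

# Apply for real (as root): hand each line to ipfw(8) as its arguments.
if [ "${1:-}" = "--apply" ]; then
    gen_rules | while read -r line; do
        # word splitting of $line into ipfw arguments is intended
        ipfw -q $line
    done
fi
```

Run it without arguments to review the rules, and with --apply on the firewall to load them. If the MAC rules still show no hits in `ipfw -a list` after this, check that net.link.ether.ipfw really is 1 and that the rules carry the `layer2` keyword, since without it they are only consulted on the layer-3 pass, where no MAC header is available.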