From owner-freebsd-net  Thu Aug  1 10: 0:36 2002
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B9C1C37B401
	for <net@freebsd.org>; Thu,  1 Aug 2002 10:00:18 -0700 (PDT)
Received: from sccrmhc01.attbi.com (sccrmhc01.attbi.com [204.127.202.61])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3BDD843E65
	for <net@freebsd.org>; Thu,  1 Aug 2002 10:00:18 -0700 (PDT)
	(envelope-from julian@elischer.org)
Received: from InterJet.elischer.org ([12.232.206.8])
          by sccrmhc01.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20020801170017.JGUG23732.sccrmhc01.attbi.com@InterJet.elischer.org>;
          Thu, 1 Aug 2002 17:00:17 +0000
Received: from localhost (localhost.elischer.org [127.0.0.1])
	by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id JAA45045;
	Thu, 1 Aug 2002 09:51:16 -0700 (PDT)
Date: Thu, 1 Aug 2002 09:51:15 -0700 (PDT)
From: Julian Elischer <julian@elischer.org>
To: Anthony Volodkin <anthonyv@brainlink.com>
Cc: net@freebsd.org
Subject: Re: Filtering of PPPoE packets with ipfw
In-Reply-To: <3D48A691.9090901@brainlink.com>
Message-ID: <Pine.BSF.4.21.0208010948390.34540-100000@InterJet.elischer.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

there is a netgraph node called etf in -current
(ether-type filter)

it could be used to filter out non-pppoe packets with a little work
however you should be able to do it with ipfw by dropping all packets that
have come from the wireless card directly.
e.g
 deny ip from any to any in recv an0  (or wi0 if that's what you are
using)



On Wed, 31 Jul 2002, Anthony Volodkin wrote:

> Hi,
> 
> Today, I've setup a machine that allows wireless clients to initiate 
> PPPoE sessions with it and thus access the internet or the other network 
> connected to that machine.  However, if wireless clients do not use 
> PPPoE and manually set their IP address/netmask/gateway, they will still 
> be allowed to access the resources.  Is there a way, using ipfw to allow 
> only the encapsulated PPPoE packets through an interface?  I can 
> definetly tell the difference when looking at them with tcpdump.
> 
> On another note, how do I compile ppp with DES support?  The man page 
> says that this is necessary for it to work with MS-CHAP v2.  I cant 
> figure out how to do that.
> 
> My setup involves, pppoe and ppp.  In the future i might investigate 
> doing this with mpd as well.
> 
> Regards,
> Anthony Volodkin
> http://non-standard.net/
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message