Date: Wed, 13 May 2009 12:07:09 -0700
From: Andrew Thompson <thompsa@FreeBSD.org>
To: Brett Glass <brett@lariat.net>
Cc: net@freebsd.org
Subject: Re: MAC locking and filtering in FreeBSD
Message-ID: <20090513190709.GA2871@citylink.fud.org.nz>
In-Reply-To: <200905131648.KAA15455@lariat.net>
References: <200905131648.KAA15455@lariat.net>

On Wed, May 13, 2009 at 10:48:02AM -0600, Brett Glass wrote:
> I need to find a way to do "MAC address locking" in FreeBSD -- that is, to
> ensure that only a machine with a particular MAC address can use a
> particular IP address. Unfortunately, it appears that rules in FreeBSD's
> IPFW are "stuck" on one layer: rules that look at Layer 2 information in a
> packet can't look at Layer 3, and vice versa. Is there a way to work around
> this to do MAC address locking and/or other functions that involve looking
> at Layer 2 and Layer 3 simultaneously?

This has been implemented as part of Gleb Kurtsov's 2008 SoC project.

http://wiki.freebsd.org/GlebKurtsov/Improving_layer2_filtering

It has not been committed yet but I believe is ready to go in, you can find
the code on the svn branch

http://svn.freebsd.org/viewvc/base/projects/l2filter/

Andrew