From owner-freebsd-hackers Mon Aug 28 21:38:35 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id D304A37B43E
	for ; Mon, 28 Aug 2000 21:38:33 -0700 (PDT)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.9.3/8.9.3) with SMTP id AAA92889;
	Tue, 29 Aug 2000 00:37:45 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Date: Tue, 29 Aug 2000 00:37:45 -0400 (EDT)
From: Robert Watson
X-Sender: robert@fledge.watson.org
To: Jaye Mathisen
Cc: hackers@freebsd.org
Subject: Re: Anyway to ipfw filter based on MAC address?
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, 28 Aug 2000, Jaye Mathisen wrote:

> I would love to be able to filter ipfw traffic based on more than just
> IP.
>
> Anybody done anything like this?

The OpenBSD bridge filtering code can do this, allowing you to map MAC
addresses to specific interfaces, and prevent spoofing, among other
things. There's been some talk of restructuring (possibly rewriting) the
bridge/filtering code in FreeBSD, and Archie Cobbs has suggested that
NetGraph would be a good way to do this. Arbitrary packet filtering would
be fairly possible in such an environment, but we don't currently have an
implementation that does that. Hopefully in a few months, we'll be able
to claim otherwise. Sorry about that!

  Robert N M Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message