From: Robert Klein
To: freebsd-ipfw@freebsd.org
Date: Tue, 7 Sep 2004 23:12:46 +0200
Subject: Re: simple mac address filter

On Tuesday, 7 September 2004 23:02, Skip Ford wrote:
> brisbanebsd@mac.com wrote:
> > I need to set up MAC filtering on a 5.2.1 FreeBSD box.
>
> Have you enabled it by setting net.link.ether.ipfw to 1?
>
> > ipfw add allow ip from any to any mac any 00:0d:93:81:82:1e
>
> Your rule works fine here.
>
> # ipfw add 10 allow ip from any to any mac 00:50:bf:d3:5a:2f any
> 00010 allow ip from any to any MAC 00:50:bf:d3:5a:2f any
> # ipfw show 10
> 00010 0 0 allow ip from any to any MAC 00:50:bf:d3:5a:2f any
> # sysctl net.link.ether.ipfw=1
> net.link.ether.ipfw: 0 -> 1
> # ipfw show 10
> 00010 351 514213 allow ip from any to any MAC 00:50:bf:d3:5a:2f any

Umm... I think this should not work, unless you have options
IPFIREWALL_DEFAULT_TO_ACCEPT in your kernel config file.

Could you please check and tell us?

Regards,
Robert
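
An added illustration, not part of the original message and not ipfw code: a simplified Python model of the two inspection points described in ipfw(8), showing why rule 10's counters stay at zero until net.link.ether.ipfw is set, and why the default rule still decides the packet's fate on the IP-layer pass. Rule 20, the sample source MAC and all function names are constructed for the example.

```python
# Simplified model of where ipfw inspects an inbound packet, per ipfw(8).
# Rule 10 and its MAC come from the thread; rule 20 and the frame are constructed.
ANY = "any"
NIC = "00:50:bf:d3:5a:2f"

def rule(number, action, mac=None, layer2=None):
    """mac=(dst, src) models 'MAC dst src'; layer2=True/False models 'layer2'/'not layer2'."""
    return {"number": number, "action": action, "mac": mac, "layer2": layer2, "hits": 0}

def matches(r, frame, at_layer2):
    if r["layer2"] is not None and r["layer2"] != at_layer2:
        return False
    if r["mac"] is not None:
        if not at_layer2:          # no MAC header is visible on the IP-layer pass
            return False
        dst, src = r["mac"]
        return dst in (ANY, frame["dst"]) and src in (ANY, frame["src"])
    return True

def run_pass(rules, frame, at_layer2, default_action):
    """First match wins; with no match the default rule 65535 decides."""
    for r in sorted(rules, key=lambda r: r["number"]):
        if matches(r, frame, at_layer2):
            r["hits"] += 1
            return r["action"]
    return default_action

def receive(rules, frame, ether_ipfw, default_to_accept):
    """Fate of one inbound frame: 'allow' or 'deny'."""
    default_action = "allow" if default_to_accept else "deny"
    # net.link.ether.ipfw=1 adds a layer-2 pass in front of the usual IP pass.
    if ether_ipfw and run_pass(rules, frame, True, default_action) == "deny":
        return "deny"
    return run_pass(rules, frame, False, default_action)

def scenario(ether_ipfw, default_to_accept, with_l3_rule=False):
    rules = [rule(10, "allow", mac=(NIC, ANY))]
    if with_l3_rule:               # constructed: allow ip from any to any not layer2
        rules.append(rule(20, "allow", layer2=False))
    frame = {"dst": NIC, "src": "00:11:22:33:44:55"}   # constructed sample frame
    return receive(rules, frame, ether_ipfw, default_to_accept), rules[0]["hits"]

if __name__ == "__main__":
    print(scenario(False, True))         # sysctl off: rule 10 never counts
    print(scenario(True, True))          # sysctl on, default accept
    print(scenario(True, False))         # sysctl on, default deny
    print(scenario(True, False, True))   # default deny plus an explicit layer-3 rule
```

In the model, a default-deny kernel drops the packet on the IP-layer pass even though rule 10 counted it at layer 2, unless a rule that matches without the MAC header admits it there.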