Date: Wed, 23 Oct 2002 10:50:57 +0300 From: Artem Okounev <aokounev@yahoo.com> To: Scott Pilz <tech@tznet.com> Cc: freebsd-questions@freebsd.org Subject: Re: Or even - NATD/IPFW/BSD Message-ID: <19889996688.20021023105057@yahoo.com> In-Reply-To: <20021022111516.J73947-100000@mail.tznet.com> References: <20021022111516.J73947-100000@mail.tznet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Scott, Tuesday, October 22, 2002, 7:15:41 PM, you wrote: > In regards to my last question ... or does anyone even > know how to block all traffic from a MAC ID? IPFW2 allows to match ip packets using MAC. It is not used in stable by default, read man ipfw to figure out how to enable IPFW2. Please note that many modern network cards allow changing their MAC ID easily, so blocking MACs is not 100% solution. If your network do not use DHCP you may write down MAC IDs of all computers in your network along with its IP adresses, then disable ARP resolution on your firewall's interface (ifconfig ed0 -arp), then add static arp mappings for all hosts in your network (arp -s 192.168.0.1 xx:xx:xx:xx:xx:xx). - -- Best regards, Artem mailto:aokounev@yahoo.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (MingW32) iD8DBQE9tlTtbOuJ0KL1C+MRApyXAKC7In5WL3Iyee8kfxKKUnYnNRc3nACgsAG1 sd1Cdzlr3Yw6O1wqIjNlG+Q= =E7UL -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19889996688.20021023105057>