Date:      Fri, 30 Jul 2010 13:58:30 +0200
From:      Bas Smeelen <b.smeelen@ose.nl>
To:        freebsd-questions@freebsd.org
Subject:   Re: IPFW with MAC address configuration
Message-ID:  <4C52BE66.1000908@ose.nl>
In-Reply-To: <BLU0-SMTP101EE0EB35631182688E5DB93AA0@phx.gbl>
References:  <BLU0-SMTP101EE0EB35631182688E5DB93AA0@phx.gbl>

On 07/30/2010 01:18 PM, Carmel wrote:
> I am trying to set up a rule using IPFW that utilizes a MAC address
> rather than an IP one.
>
> ipfw -q allow log tcp from MAC 00-14-A4-43-8E-BA to me 137 in via nfe0 setup keep-state
>
> Would that work, assuming the machine I want to allow access has that
> MAC address?
>
According to the manual (man ipfw) I guess the rule would be something like:
ipfw add 1000 allow log tcp MAC any 00:14:A4:43:8E:BA/33 to me 137 in via nfe0 setup keep-state

From the manual:

{ MAC | mac } dst-mac src-mac
             Match packets with a given dst-mac and src-mac addresses,
             specified as the any keyword (matching any MAC address), or six
             groups of hex digits separated by colons, and optionally followed
             by a mask indicating the significant bits.  The mask may be
             specified using either of the following methods:

             1.      A slash (/) followed by the number of significant bits.
                     For example, an address with 33 significant bits could be
                     specified as:

                           MAC 10:20:30:40:50:60/33 any

             2.      An ampersand (&) followed by a bitmask specified as six
                     groups of hex digits separated by colons.  For example,
                     an address in which the last 16 bits are significant
                     could be specified as:

                           MAC 10:20:30:40:50:60&00:00:00:00:ff:ff any

                     Note that the ampersand character has a special meaning
                     in many shells and should generally be escaped.

             Note that the order of MAC addresses (destination first, source
             second) is the same as on the wire, but the opposite of the one
             used for IP addresses.



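The mask forms quoted from the manual above, as an added example that is not part of the original e-mail or of ipfw itself: a small Python model of the "MAC dst-mac src-mac" match that reports how many addresses a given spec accepts. It assumes the /N form counts significant bits from the most-significant end, like an IP prefix; all function names are hypothetical.

```python
import re

_MAC_RE = re.compile(r"^[0-9a-fA-F]{1,2}(:[0-9a-fA-F]{1,2}){5}$")
_FULL_MASK = (1 << 48) - 1


def _mac_to_int(text):
    """Convert six colon-separated hex groups to a 48-bit integer."""
    if not _MAC_RE.match(text):
        raise ValueError(f"not a MAC address: {text!r}")
    value = 0
    for group in text.split(":"):
        value = (value << 8) | int(group, 16)
    return value


def parse_mac_spec(spec):
    """Return (address, mask) for 'any', addr, addr/bits or addr&mask."""
    if spec == "any":
        return 0, 0  # zero mask: every address matches
    if "/" in spec:
        addr, bits_text = spec.split("/", 1)
        bits = int(bits_text)
        if not 0 <= bits <= 48:
            raise ValueError("significant bits must be in 0..48")
        # Assumption: the N significant bits are the leading ones.
        mask = (_FULL_MASK << (48 - bits)) & _FULL_MASK
    elif "&" in spec:
        addr, mask_text = spec.split("&", 1)
        mask = _mac_to_int(mask_text)
    else:
        addr, mask = spec, _FULL_MASK  # no mask: exact match
    return _mac_to_int(addr) & mask, mask


def mac_rule_matches(dst_spec, src_spec, frame_dst, frame_src):
    """Evaluate 'MAC dst-mac src-mac' (destination first) for one frame."""
    for spec, mac in ((dst_spec, frame_dst), (src_spec, frame_src)):
        addr, mask = parse_mac_spec(spec)
        if _mac_to_int(mac) & mask != addr:
            return False
    return True


def matching_address_count(spec):
    """Number of distinct MAC addresses that a single spec accepts."""
    _, mask = parse_mac_spec(spec)
    return 1 << (48 - bin(mask).count("1"))
```

Under this model, matching_address_count("00:14:A4:43:8E:BA/33") returns 32768 (00:14:a4:43:80:00 through 00:14:a4:43:ff:ff), while the same address without a mask returns 1.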



