Date:      Thu, 14 May 2009 10:59:57 +0800
From:      Eugene Grosbein <eugen@kuzbass.ru>
To:        Brett Glass <brett@lariat.net>
Cc:        net@freebsd.org
Subject:   Re: MAC locking and filtering in FreeBSD
Message-ID:  <20090514025957.GA45372@svzserv.kemerovo.su>
In-Reply-To: <200905131648.KAA15455@lariat.net>
References:  <200905131648.KAA15455@lariat.net>

On Wed, May 13, 2009 at 10:48:02AM -0600, Brett Glass wrote:

> I need to find a way to do "MAC address locking" in FreeBSD -- that 
> is, to ensure that only a machine with a particular MAC address can 
> use a particular IP address. Unfortunately, it appears that rules 
> in FreeBSD's IPFW are "stuck" on one layer: rules that look at 
> Layer 2 information in a packet can't look at Layer 3, and vice 
> versa. Is there a way to work around this to do MAC address locking 
> and/or other functions that involve looking at Layer 2 and Layer 3 
> simultaneously?

There is no need for advanced filtering rules for that.
Just use 'arp -f /path/to/IP-MAC-pairs' with 'ifconfig $iface staticarp'.

We have used that for years, since FreeBSD 2.2.x (before 4.x that required patches).

Eugene Grosbein
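
A pre-flight check for the IP-MAC pairs file mentioned in the reply above, as an added example that is not part of the original message. The function name check_pairs, the one-pair-per-line format with "#" comments, the rejection of extra fields, and the sample addresses are assumptions of this example.

```sh
#!/bin/sh
# Added example: lint an IP-MAC pairs file before handing it to arp -f.
# Assumed line format: "<IPv4> <MAC>"; "#" starts a comment.
# Design choice of this example: extra fields (temp, pub) are rejected.

check_pairs() {
    # Print one line per problem; return 0 if the file is clean, 1 otherwise.
    awk '
    { sub(/#.*/, "") }
    NF == 0 { next }
    NF != 2 { printf "line %d: expected exactly <IP> <MAC>\n", NR; bad = 1; next }
    {
        ok = ($1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
        split($1, o, ".")
        for (i = 1; ok && i <= 4; i++) if (o[i] + 0 > 255) ok = 0
        if (!ok) { printf "line %d: bad IPv4 address %s\n", NR, $1; bad = 1; next }
        ip = (o[1] + 0) "." (o[2] + 0) "." (o[3] + 0) "." (o[4] + 0)

        mac = tolower($2)
        ok = (split(mac, h, ":") == 6)
        for (i = 1; ok && i <= 6; i++) if (h[i] !~ /^[0-9a-f][0-9a-f]?$/) ok = 0
        if (!ok) { printf "line %d: bad MAC address %s\n", NR, $2; bad = 1; next }

        # Two different MACs for one IP is ambiguous:
        # only one of them can be the intended lock.
        if ((ip in seen) && seen[ip] != mac) {
            printf "line %d: %s already locked to %s\n", NR, ip, seen[ip]; bad = 1
        }
        seen[ip] = mac
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# gateway clients
192.0.2.10 00:11:22:33:44:55
192.0.2.11 00:11:22:33:44:5g
192.0.2.10 00:11:22:33:44:66
EOF
check_pairs "$sample" || echo "not loading $sample"
rm -f "$sample"

# On the FreeBSD host, load only a file that passes, then enable staticarp:
#   check_pairs /path/to/IP-MAC-pairs && arp -f /path/to/IP-MAC-pairs && ifconfig $iface staticarp
```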
