From owner-freebsd-security Sat May 4 22:58: 8 2002 Delivered-To: freebsd-security@freebsd.org Received: from D00015.dialonly.kemerovo.su (www2.svzserv.kemerovo.su [213.184.65.86]) by hub.freebsd.org (Postfix) with ESMTP id 19EC737B41B for ; Sat, 4 May 2002 22:58:03 -0700 (PDT) Received: from D00015.dialonly.kemerovo.su (eugen@localhost [127.0.0.1]) by D00015.dialonly.kemerovo.su (8.12.3/8.12.2) with ESMTP id g455uvnv000411; Sun, 5 May 2002 13:56:57 +0800 (KRAST) (envelope-from eugen@D00015.dialonly.kemerovo.su) Received: (from eugen@localhost) by D00015.dialonly.kemerovo.su (8.12.3/8.12.3/Submit) id g455uton000410; Sun, 5 May 2002 13:56:55 +0800 (KRAST) Date: Sun, 5 May 2002 13:56:55 +0800 From: Eugene Grosbein To: "William J. Borskey" Cc: security@FreeBSD.ORG Subject: Re: ipfw Message-ID: <20020505135655.A320@grosbein.pp.ru> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from wborskey@hotmail.com on Sat, May 04, 2002 at 08:36:52PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, May 04, 2002 at 08:36:52PM -0700, William J. Borskey wrote: > is it possible to write rules for ipfw using ethernet addresses instead of > ip addresses? You can have frozen ARP table and use ip addresses for ipfw to achieve the same effect. Check this out: http://www.FreeBSD.org/cgi/query-pr.cgi?pr=kern/36373 We use sort of that in production. Eugene Grosbein To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message