Date: Sun, 17 Jun 2012 23:39:14 +0800
From: Bill Yuan <bycn82@gmail.com>
To: Ian Smith <smithi@nimnet.asn.au>
Cc: freebsd-questions@freebsd.org, "Brian W." <brian@brianwhalen.net>, "Randal L. Schwartz" <merlyn@stonehenge.com>
Subject: Re: how to allow by MAC
Message-ID: <CAC%2BJH2wbXyyRzG0qruUoGRGH%2BGpw_FKquZmAgPVpeRNW4fmTvw@mail.gmail.com>
In-Reply-To: <20120613182325.K46641@sola.nimnet.asn.au>
References: <20120610120041.4D0F610657C3@hub.freebsd.org>
 <20120611025332.N46641@sola.nimnet.asn.au>
 <CAC%2BJH2w6B7fXu6tvcJ8t1FZbPb7pFQVbSwk93r-9JRYpFy2hcw@mail.gmail.com>
 <CADV=szWbNfW-MaKi5heamPNR3qz4xiY62ynm6BgK=huPEx=K_w@mail.gmail.com>
 <CAC%2BJH2xcqcDR%2B1y6zwMQ-Jqy%2BzoB2MgnM%2Bb4Nz8AMc3P-gksHw@mail.gmail.com>
 <863961ze51.fsf@red.stonehenge.com>
 <20120613182325.K46641@sola.nimnet.asn.au>

On Wed, Jun 13, 2012 at 4:56 PM, Ian Smith <smithi@nimnet.asn.au> wrote:

> On Mon, 11 Jun 2012 15:18:18 -0700, Randal L. Schwartz wrote:
> > >>>>> "Bill" == Bill Yuan <bycn82@gmail.com> writes:
> >
> > Bill> I want to create a white list MAC address, Only the machine which it's MAC
> > Bill> in the white list will be allowed, all others will be blocked.
> >
> > Bad idea. Since (a) every MAC address that *is* allowed is transmitted
> > in the clear and (b) it's trivial to spoof a MAC address.
> >
> > This. is. no. security.
>
> Indeed, that's right Randal. But I got the impression from Bill's mails
> that this is more likely just something inside his internal network.

Filtering by MAC is not secure, I agree, but at least secure enough for an
internal network. And I am quite sure what I want to achieve. I really want
to know how to FILTER BY MAC.

> > Please stop even trying.
>
> Well I don't think learning how to use ipfw properly at layer2 is a bad
> idea in itself, and I wouldn't want to discourage anyone from that.
>
> For some years I ran a filtering transparent bridge with ipfw + dummynet
> for a small network of about 20 mostly W98, XP and Mac boxes sharing one
> slow ADSL gateway between various assorted community groups (talk about
> herding cats! :) and MAC filtering was one of the handiest tools when
> some box or other got owned (again!) by some virus and started spewing
> spam, provider complains and/or cuts access .. you know the deal.
>
> In that sort of environment, none of the punters had any clue about
> forging MACs or anything vaguely like that, and it stopped people
> randomly plugging boxes into the network. Horses for courses.
>
> I replied in more detail to another from Bill privately, copy follows.

Thanks. I saw your email already. Very helpful. I will continue to try in
that way, and share with all here in the future. :)

cheers, Ian