Date:      Sat, 9 Jun 2012 12:23:56 +0800
From:      Bill Yuan <bycn82@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: how to filter network by MAC and IP at the same time
Message-ID:  <CAC%2BJH2wQcXY2fO2hbb6DH_PM60nKiPh9pBnDX1m2POFyCYRCAw@mail.gmail.com>
In-Reply-To: <44y5nxy29s.fsf@be-well.ilk.org>
References:  <CAC%2BJH2zw0%2BXrJG=xnnFWEh8_JkGc7YnnqFE2VAtQBS5T7RubbA@mail.gmail.com> <44y5nxy29s.fsf@be-well.ilk.org>

Rules like below:

#allow the traffic whose source MAC belongs to the machine
ipfw add 1 allow all from any to any MAC <MAC ADDR1> any
#allow the ...... destination MAC is that machine
ipfw add 1 allow all from any to any MAC any <MAC ADDR1>
ipfw add 1 deny all from any to any


It is not working; all the traffic is blocked by the deny!!! How come?



On Sat, Jun 9, 2012 at 4:30 AM, Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> wrote:

> Bill Yuan <bycn82@gmail.com> writes:
>
> > I am using FreeBSD 9.0 as a firewall and I want to filter the traffic by
> > the MAC and the IP at the same time.
> >
> > For example, I only allow my laptop <MAC Address 1> to go through the
> > firewall when it's using IP <IP Address 1>.
> >
> > How do I configure the firewall rules?
> >
> >
> > I tried to configure the firewall with the rules below, but it doesn't work:
> >
> >  ipfw add  1 allow all from <IP Address 1> to any MAC <MAC Address 1> any
> >  ipfw add  1 allow all from any to <IP Address 1>  MAC any <MAC Address 1>
>
> Well, for one thing if I understand your intent, you have the MAC
> addresses in the wrong order. Unless your firewall is acting as a
> bridge, you also need to keep in mind that the MAC addresses are changed
> when passing through, so those rules will only work on one side (i.e.,
> you'll need "in via" type rules).
>
> > But it doesn't work. I also found the explanation on Google; someone already
> > asked this question before.
>
> I don't understand. Was there a suggested approach or not?
>
> > But I did not find the solution for this requirement. Can someone tell me
> > how? Thanks in advance.
>
> I can't guarantee this will work, and I don't have any way to test it,
> but my above comments would suggest something more like:
>
> >  ipfw add  1 allow all from <IP Address 1> to any MAC any <MAC Address 1> in via $iif
>
> >  ipfw add  1 allow all from any to <IP Address 1>  MAC <MAC Address 1> any out via $oif
>
> Good luck.
>
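
The ruleset discussed in this thread, written out as an added example that is not code from either poster: a dry-run shell script for a FreeBSD firewall that routes (does not bridge) between its interfaces. It assumes the laptop is attached to an interface named em1 and uses the placeholder values 00:11:22:33:44:55 and 192.168.1.10; all three are constructed and should be overridden in the environment. It also spells out the two things the thread's rules leave implicit: layer-2 processing must be switched on (net.link.ether.ipfw=1) before any rule with a MAC option can match at all, and once it is on, every packet runs the ruleset twice, so rules meant for the Ethernet pass need the layer2 keyword or an unscoped deny will also fire in the layer-3 pass, where MAC rules cannot match, and nothing gets through.

```shell
#!/bin/sh
# Added example (not from the thread): allow exactly one host, identified by MAC *and* IP,
# through a routing FreeBSD/ipfw firewall. Interface name and addresses are constructed
# placeholders; override them in the environment. Default is a dry run that prints the
# commands; APPLY=yes executes them (as root, on the firewall).
LAN="${LAN:-em1}"                               # interface the laptop is attached to
LAPTOP_MAC="${LAPTOP_MAC:-00:11:22:33:44:55}"   # placeholder MAC
LAPTOP_IP="${LAPTOP_IP:-192.168.1.10}"          # placeholder IP

# run: print the command (dry run) or execute it (APPLY=yes).
run() {
    if [ "${APPLY:-no}" = yes ]; then
        "$@"
    else
        echo "$*"
    fi
}

build_ruleset() {
    # Without this sysctl ipfw never sees Ethernet headers, so a rule carrying a MAC
    # option matches nothing and a trailing "deny all" catches everything.
    run sysctl net.link.ether.ipfw=1

    # With layer-2 processing on, every frame traverses the ruleset twice: once with
    # the Ethernet header (layer 2) and once as a plain IP packet (layer 3). The
    # "layer2" keyword restricts a rule to the first pass.

    # ARP must still flow or no host on the LAN can resolve anything (0x0806 = ARP).
    run ipfw -q add 100 allow all from any to any mac-type 0x0806 layer2 via "$LAN"

    # ipfw(8) syntax is "MAC dst-mac src-mac". On a frame *arriving* from the laptop its
    # address is the source, i.e. the second argument; the source IP is checked in the
    # same rule, so the laptop with any other IP does not match.
    run ipfw -q add 110 allow ip from "$LAPTOP_IP" to any MAC any "$LAPTOP_MAC" in via "$LAN" layer2

    # On a frame *leaving* toward the laptop its address is the destination (first
    # argument). Both rules are bound to the LAN interface: on the far side of a
    # router the frame carries the firewall's or upstream gateway's MAC, not the laptop's.
    run ipfw -q add 120 allow ip from any to "$LAPTOP_IP" MAC "$LAPTOP_MAC" any out via "$LAN" layer2

    # Everything else in the layer-2 pass on the LAN interface (wrong MAC, wrong IP, or
    # the right MAC with the wrong IP) is dropped. "layer2" keeps this deny out of the
    # layer-3 pass, where it would otherwise drop every packet.
    run ipfw -q add 130 deny all from any to any layer2 via "$LAN"

    # The layer-3 pass sees the packet again with no MAC header; this is where the
    # normal IP policy lives. A bare allow stands in for it here.
    run ipfw -q add 65000 allow ip from any to any
}

build_ruleset
```

Run it once without APPLY to read the rules, then `APPLY=yes sh` it on the firewall; it deliberately does not flush the existing ruleset, so merge the numbering with what is already loaded before applying. Two caveats worth keeping in mind: with layer-2 processing enabled, every rule already in the ruleset that lacks `layer2` now also sees Ethernet frames, so review the existing policy for surprises (DHCP from the laptop, for instance, arrives with source 0.0.0.0 and is dropped by rule 130); and a MAC plus IP pair is a convenience filter, not authentication, since both values are trivially spoofable by any host on the same segment.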



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAC%2BJH2wQcXY2fO2hbb6DH_PM60nKiPh9pBnDX1m2POFyCYRCAw>