Date:      Fri, 7 Feb 2003 00:01:35 +0200
From:      Dancho Penev <dpenev@mail.bg>
To:        Martin Larsson <sopppp@home.se>
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: mac question
Message-ID:  <20030206220135.GA501@earth.dpsca.bg>
In-Reply-To: <1044388860.1366.4.camel@oddjob.kul.lan>
References:  <1044388860.1366.4.camel@oddjob.kul.lan>

On Tue, Feb 04, 2003 at 09:01:00PM +0100, Martin Larsson wrote:
>Subject: mac question
>From: Martin Larsson <sopppp@home.se>
>To: freebsd-ipfw@freebsd.org
>Date: 04 Feb 2003 21:01:00 +0100
>
>hi, dunno if this is the right place to ask but i was wondering why the

The freebsd-questions list is more suitable for this kind of question.

>following lines don't work
>
>${fwcmd} add 200 allow ip from any to any MAC ${oddmac} ${lanmac} in via
>rl0
>${fwcmd} add 205 allow ip from any to any MAC ${lanmac} ${oddmac} in via
>rl0
>${fwcmd} add 210 deny ip from any to any MAC any any in via rl0
>
>the two computers are in lan and $lanmac is the server's mac address and
>$oddmac a client.
>
>the last line doesn't seem to block anything.

Did you enable ipfw on layer2?
# sysctl net.link.ether.ipfw=1

And something else: with these rules you will have problems when the server
or client tries to find the MAC address of its peer with an ARP request. I
suggest these rules:

allow all from any to any mac any ${lanmac} layer2 out xmit rl0
allow all from any to any mac any ${oddmac} layer2 in recv rl0
deny all from any to any layer2 via rl0

Note that these rules are for your server; for the client you must swap
"out xmit" and "in recv".

>
>Best regards Martin
>
>
>
>
>-- 
>Martin Larsson <sopppp@home.se>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-ipfw" in the body of the message

-- 
Regards,
Dancho Penev
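
Added example, not part of the original message: a simplified first-match model of the two rule sets discussed above, showing which frames each one passes when evaluated on the server. It assumes layer2 filtering is enabled (net.link.ether.ipfw=1); the MAC addresses and frame list are constructed, and the matcher is a sketch of ipfw's behaviour, not ipfw itself.

```python
# Simplified first-match model of ipfw layer2 MAC rules (added example).
# Assumptions: net.link.ether.ipfw=1, rules evaluated on the server, and the
# MAC addresses below are constructed placeholders.
LANMAC = "00:00:5e:00:53:01"   # server (constructed)
ODDMAC = "00:00:5e:00:53:02"   # client (constructed)
OTHER = "00:00:5e:00:53:99"    # any other host on the LAN (constructed)
BCAST = "ff:ff:ff:ff:ff:ff"

# Each rule: (action, dst-mac, src-mac, direction); ipfw's "mac" option takes
# the destination first, then the source. "any" matches every address and a
# direction of None matches both directions ("via").
ORIGINAL = [
    ("allow", ODDMAC, LANMAC, "in"),
    ("allow", LANMAC, ODDMAC, "in"),
    ("deny", "any", "any", "in"),
]
SUGGESTED = [
    ("allow", "any", LANMAC, "out"),
    ("allow", "any", ODDMAC, "in"),
    ("deny", "any", "any", None),
]

def verdict(rules, dst, src, direction):
    """Return the action of the first rule matching the frame."""
    for action, r_dst, r_src, r_dir in rules:
        if r_dst not in ("any", dst):
            continue
        if r_src not in ("any", src):
            continue
        if r_dir not in (None, direction):
            continue
        return action
    return "no match"  # falls through to later rules in a real rule set

FRAMES = {
    "ARP request from client (broadcast)": (BCAST, ODDMAC, "in"),
    "unicast client -> server": (LANMAC, ODDMAC, "in"),
    "server reply -> client": (ODDMAC, LANMAC, "out"),
    "frame from another host": (LANMAC, OTHER, "in"),
}

def compare():
    """Map each sample frame to (original verdict, suggested verdict)."""
    return {name: (verdict(ORIGINAL, *f), verdict(SUGGESTED, *f))
            for name, f in FRAMES.items()}

if __name__ == "__main__":
    for name, (old, new) in compare().items():
        print(f"{name:38} original={old:9} suggested={new}")
```

The broadcast ARP request is the case that differs: the original rules require both addresses to match, so it reaches the deny rule, while the suggested rules match on the source address only.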
