Date: Fri, 7 Feb 2003 00:01:35 +0200
From: Dancho Penev <dpenev@mail.bg>
To: Martin Larsson <sopppp@home.se>
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: mac question
Message-ID: <20030206220135.GA501@earth.dpsca.bg>
In-Reply-To: <1044388860.1366.4.camel@oddjob.kul.lan>
References: <1044388860.1366.4.camel@oddjob.kul.lan>

On Tue, Feb 04, 2003 at 09:01:00PM +0100, Martin Larsson wrote:
>Subject: mac question
>From: Martin Larsson <sopppp@home.se>
>To: freebsd-ipfw@freebsd.org
>Date: 04 Feb 2003 21:01:00 +0100
>
>hi, dunno if this is the right place to ask but i was wondering why the

freebsd-questions list is more suitable for this kind of questions.

>following lines don't work
>
>${fwcmd} add 200 allow ip from any to any MAC ${oddmac} ${lanmac} in via rl0
>${fwcmd} add 205 allow ip from any to any MAC ${lanmac} ${oddmac} in via rl0
>${fwcmd} add 210 deny ip from any to any MAC any any in via rl0
>
>the two computers are in lan and $lanmac are the servers mac address and
>$oddmac a client.
>
>the last line doesn't seem to block anything.

Did you enable ipfw on layer2?

# sysctl net.link.ether.ipfw=1

And something else: with these rules you will have problems when server
or client tries to find mac address of peer with arp request.
I'll suggest you these rules:

allow all from any to any mac any ${lanmac} layer2 out xmit rl0
allow all from any to any mac any ${oddmac} layer2 in recv rl0
deny all from any to any layer2 via rl0

Note that these rules are for your server, for client you must swap
"out xmit" and "in recv".

>
>Best regards Martin
>
>--
>Martin Larsson <sopppp@home.se>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-ipfw" in the body of the message

--
Regards,
Dancho Penev
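
The ARP problem and the layer2 sysctl point raised in this thread, as an added example that is not part of the original e-mail: a simplified Python model of first-match evaluation on the server's layer-2 pass. The MAC addresses are constructed stand-ins for ${lanmac} and ${oddmac}, and the model assumes every frame is on rl0 and that MAC tests can only match when net.link.ether.ipfw=1.

```python
# Added example: simplified first-match model of the layer-2 pass on the server.
# It is not ipfw; interface matching is omitted (every frame is assumed on rl0).
from collections import namedtuple

# Constructed addresses standing in for ${lanmac} and ${oddmac}.
LANMAC = "00:00:5e:00:53:01"    # server
ODDMAC = "00:00:5e:00:53:02"    # client
OTHER = "00:00:5e:00:53:99"     # some other host on the LAN
BCAST = "ff:ff:ff:ff:ff:ff"     # ARP requests go to the broadcast address

Rule = namedtuple("Rule", "action dst src direction")   # direction None = both
Frame = namedtuple("Frame", "dst src direction")

# Rules 200-210 from the question ("MAC dst src ... in via rl0").
ORIGINAL = [
    Rule("allow", ODDMAC, LANMAC, "in"),
    Rule("allow", LANMAC, ODDMAC, "in"),
    Rule("deny", "any", "any", "in"),
]
# Rules suggested in the reply, server side.
SUGGESTED = [
    Rule("allow", "any", LANMAC, "out"),
    Rule("allow", "any", ODDMAC, "in"),
    Rule("deny", "any", "any", None),
]

def mac_matches(pattern, addr):
    return pattern == "any" or pattern == addr

def evaluate(rules, frame, layer2_enabled=True):
    """Action of the first matching rule, or None if none of these rules match."""
    if not layer2_enabled:
        # Without net.link.ether.ipfw=1 there is no layer-2 pass, so
        # rules that test MAC addresses never match.
        return None
    for rule in rules:
        if (rule.direction in (None, frame.direction)
                and mac_matches(rule.dst, frame.dst)
                and mac_matches(rule.src, frame.src)):
            return rule.action
    return None

ARP_REQUEST = Frame(BCAST, ODDMAC, "in")     # client asks for the server's MAC
FROM_OTHER = Frame(LANMAC, OTHER, "in")      # frame from an unlisted host

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, "ARP request:", evaluate(rules, ARP_REQUEST),
              "| other host:", evaluate(rules, FROM_OTHER))
```
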