From owner-freebsd-ipfw@FreeBSD.ORG  Sat Dec 25 21:48:54 2004
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0AC1C16A4CE
	for <freebsd-ipfw@freebsd.org>; Sat, 25 Dec 2004 21:48:54 +0000 (GMT)
Received: from r2d2.bromirski.net (r2d2.bromirski.net [217.153.57.194])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8F68943D1D
	for <freebsd-ipfw@freebsd.org>; Sat, 25 Dec 2004 21:48:53 +0000 (GMT)
	(envelope-from lukasz@bromirski.net)
Received: from [127.0.0.1] (szopen.jjs.pl [62.111.150.246])
	by r2d2.bromirski.net (Postfix) with ESMTP id 23E76108AFA
	for <freebsd-ipfw@freebsd.org>; Sat, 25 Dec 2004 22:48:52 +0100 (CET)
Message-ID: <41CDE046.1090706@bromirski.net>
Date: Sat, 25 Dec 2004 22:48:54 +0100
From: =?ISO-8859-2?Q?=A3ukasz_Bromirski?= <lukasz@bromirski.net>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041205)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-ipfw@freebsd.org
Content-Type: text/plain; charset=ISO-8859-2; format=flowed
Content-Transfer-Encoding: 8bit
X-Scan-Module: SMTP[mks_vir 2004.12.24 (2004.10.07)]
Subject: IP rule to log also source MAC
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Dec 2004 21:48:54 -0000

Hi,

I wonder if the `log' keyword for ipfw could be extended to also
log MAC-address of packet originator. Something like `log-input' on
Cisco boxes, where You get also MAC of sender.

It would be useful in scenarios, where You have spoofed traffic
incoming on Ethernet interface, and IP source addresses are faked,
spoofed etc.

..ie, when You have:

   deny log ip from any to any not verrevpath in via xl0

something like:

   deny log-input ip from any to any not verrevpath in via xl0

...to get also source MAC-address.

-- 
this space was intentionally left blank    |            Łukasz Bromirski
you can insert your favourite quote here   |        lukasz:bromirski,net