From owner-freebsd-questions@FreeBSD.ORG  Sun Jan 23 13:18:06 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 767A916A4CE
	for <freebsd-questions@FreeBSD.org>;
	Sun, 23 Jan 2005 13:18:06 +0000 (GMT)
Received: from central.local.mattsnetwork.co.uk (mattsnetwork.co.uk
	[82.152.151.201])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 888CE43D39
	for <freebsd-questions@FreeBSD.org>;
	Sun, 23 Jan 2005 13:18:05 +0000 (GMT)
	(envelope-from matt@mattsnetwork.co.uk)
Received: from workstation1.local.mattsnetwork.co.uk
	(workstation1.local.mattsnetwork.co.uk [192.168.0.149])
	(authenticated bits=0)j0NDI1j7037680
	(version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=NO)
	for <freebsd-questions@FreeBSD.org>; Sun, 23 Jan 2005 13:18:01 GMT
	(envelope-from matt@mattsnetwork.co.uk)
From: Matt Dawson <matt@mattsnetwork.co.uk>
To: freebsd-questions@FreeBSD.org
Date: Sun, 23 Jan 2005 13:18:00 +0000
User-Agent: KMail/1.7.2
X-Face: Zrm9At!%e{M_#Po+[-\;
	RFQih#L0/\!^6f8JS_1Nz,8`(@bR%|T,c)3:o6my`.sy$Rt)'^)ec9cWp!MmeH^Gp|Afl)BkcH1GENCBqb&wZ$cdqN27uYfD=jU@1:vWXf|)LmuVKo?1wuS68KeDX&3,#wZP2$N1Ao!_'mZOws67
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200501231318.00741.matt@mattsnetwork.co.uk>
X-Spam-Status: No, score=-2.8 required=2.5 tests=ALL_TRUSTED autolearn=failed 
	version=3.0.2
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on 
	central.local.mattsnetwork.co.uk
X-Virus-Scanned: ClamAV 0.80/533/Sun Oct 17 02:09:44 2004
	clamav-milter version 0.80j02:09:44 2004	clamav-milter version 0.80j
	o
X-Virus-Status: Clean
Subject: ipfw filtering of a netgraph bridge
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Jan 2005 13:18:06 -0000

Hi folks,
	Is the above possible? I'm trying to filter by MAC address on an Atheros in 
hostap mode. Kernel bridging doesn't allow clients to talk to the interface 
on the other side of the bridge and since dhcpd listens on this interface 
it's pretty pointless using kernel bridging.

Is there some tomfoolery I have missed in setting this up to allow ipfw to 
filter on MAC? I'm using the standard ether.bridge script from examples, 
changed slightly and bunged in /usr/local/etc/rc.d so the bridge gets 
configured at boot and destroyed at shutdown.
-- 
Matt Dawson.

matt@mattsnetwork.co.uk
MD2657-RIPE OpenNIC M_D9