Date: Sat, 15 May 2004 22:27:32 +0900
From: Rob
To: freebsd-questions@freebsd.org
Subject: ipfw2: "mac any any" blocks ipfw rule
Message-ID: <40A61AC4.1040708@users.sourceforge.net>

Hi,

I use FreeBSD 4.9-Stable, with IPFW2 compiled in. I have an ipfw rule as follows:

    ipfw allow udp from 11.22.33.44 to any in via rl0

which works fine for my purpose (I faked the IP address for this email).

Next I needed to add MAC-checking on this rule, so to begin with I tried to add a dummy mac-check (allow all MAC addresses in & out):

    ipfw allow udp from 11.22.33.44 to any in via rl0 mac any any

But this will block whatever was allowed by the previous version of this rule. How is that possible?
In this mailing list I also found a note on:

    sysctl net.link.ether.ipfw=1

which I did, to no avail. Any ideas, or is MAC-checking broken with ipfw2?

Thanks,

Rob.