From owner-freebsd-questions@FreeBSD.ORG  Mon Apr 26 02:22:32 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2ACCB16A4CE
	for <questions@freebsd.org>; Mon, 26 Apr 2004 02:22:32 -0700 (PDT)
Received: from smtp1.libero.it (smtp1.libero.it [193.70.192.51])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B1CD043D58
	for <questions@freebsd.org>; Mon, 26 Apr 2004 02:22:31 -0700 (PDT)
	(envelope-from ml.ventu@flashnet.it)
Received: from soth.ventu (151.38.56.216) by smtp1.libero.it (7.0.027-DD01)
	id 4048911500CCCEEA for questions@freebsd.org;
	Mon, 26 Apr 2004 11:22:51 +0200
Received: from mailer (xanatar.ventu [10.1.2.6])
	by soth.ventu (8.12.10/8.12.10) with SMTP id i3Q9Koft039225
	for <questions@freebsd.org>; Mon, 26 Apr 2004 11:20:51 +0200 (CEST)
	(envelope-from ml.ventu@flashnet.it)
Message-Id: <200404260920.i3Q9Koft039225@soth.ventu>
To: <questions@freebsd.org>
Priority: Normal
X-Mailer: Post Road Mailer for OS/2 (Green Edition Ver 3.0)
Date: Mon, 26 Apr 2004 11:20:51 EST
From: Andrea Venturoli <ml.ventu@flashnet.it>
Subject: Re: Bridging Firewall
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Andrea Venturoli <ml@netfence.it>
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Apr 2004 09:22:32 -0000

** Reply to note from "Mike Maltese" <mike@pcmedx.com> Fri, 23 Apr 2004 15:06:12 -0700


> > I find no reference to MAC rules showing up in 5.2.1. Any help or advice 
> > would be appreciated. 
>    
> That's because bridge(4) doesn't do Layer 2 filtering. Neither does ipfw (as 
> well it shouldn't).

???

System is a 4.9:

#ipfw l

00020 deny ip from any to any layer2 { mac-type 0x809b or mac-type 0x80f3 or mac
-type 0x0023 or mac-type 0x0027 or mac-type 0x001d or mac-type 0x0031 or mac-typ
e 0x0067 }
00025 deny ip from any to any layer2 { mac-type 0x012a or mac-type 0x0075 or mac
-type 0x0004 or mac-type 0x00a6 or mac-type 0x0003 }
00025 deny ip from any to any layer2 { mac-type 0x002f or mac-type 0x0012 or mac
-type 0x0097 or mac-type 0x0071 or mac-type 0x00ce or mac-type 0x00a2 or mac-typ
e 0x0088 }
00030 deny ip from any to any layer2 { mac-type 0x002a or mac-type 0x0025 or mac
-type 0x0064 }
00030 deny ip from any to any layer2 { mac-type 0x0063 or mac-type 0x0060 or mac
-type 0x0068 or mac-type 0x0054 }
00030 deny ip from any to any layer2 { mac-type 0x8137 or mac-type 0x00e0 or mac
-type 0x0000 or mac-type 0x8037 or mac-type 0x8038 or mac-type 0x0022 }
..


Isn't this what you are talking about?

 bye
        av.