Date: Mon, 26 Apr 2004 11:20:51 EST From: Andrea Venturoli <ml.ventu@flashnet.it> To: <questions@freebsd.org> Subject: Re: Bridging Firewall Message-ID: <200404260920.i3Q9Koft039225@soth.ventu>
next in thread | raw e-mail | index | archive | help
** Reply to note from "Mike Maltese" <mike@pcmedx.com> Fri, 23 Apr 2004 15:06:12 -0700
> > I find no reference to MAC rules showing up in 5.2.1. Any help or advice
> > would be appreciated.
>
> That's because bridge(4) doesn't do Layer 2 filtering. Neither does ipfw (as
> well it shouldn't).
???
System is a 4.9:
#ipfw l
00020 deny ip from any to any layer2 { mac-type 0x809b or mac-type 0x80f3 or mac
-type 0x0023 or mac-type 0x0027 or mac-type 0x001d or mac-type 0x0031 or mac-typ
e 0x0067 }
00025 deny ip from any to any layer2 { mac-type 0x012a or mac-type 0x0075 or mac
-type 0x0004 or mac-type 0x00a6 or mac-type 0x0003 }
00025 deny ip from any to any layer2 { mac-type 0x002f or mac-type 0x0012 or mac
-type 0x0097 or mac-type 0x0071 or mac-type 0x00ce or mac-type 0x00a2 or mac-typ
e 0x0088 }
00030 deny ip from any to any layer2 { mac-type 0x002a or mac-type 0x0025 or mac
-type 0x0064 }
00030 deny ip from any to any layer2 { mac-type 0x0063 or mac-type 0x0060 or mac
-type 0x0068 or mac-type 0x0054 }
00030 deny ip from any to any layer2 { mac-type 0x8137 or mac-type 0x00e0 or mac
-type 0x0000 or mac-type 0x8037 or mac-type 0x8038 or mac-type 0x0022 }
..
Isn't this what you are talking about?
bye
av.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200404260920.i3Q9Koft039225>