From owner-freebsd-net@FreeBSD.ORG  Fri Aug 12 08:52:43 2005
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5E73B16A41F
	for <freebsd-net@freebsd.org>; Fri, 12 Aug 2005 08:52:43 +0000 (GMT)
	(envelope-from tataz@tataz.chchile.org)
Received: from postfix3-1.free.fr (postfix3-1.free.fr [213.228.0.44])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0263343D45
	for <freebsd-net@freebsd.org>; Fri, 12 Aug 2005 08:52:42 +0000 (GMT)
	(envelope-from tataz@tataz.chchile.org)
Received: from tatooine.tataz.chchile.org
	(vol75-8-82-233-239-98.fbx.proxad.net [82.233.239.98])
	by postfix3-1.free.fr (Postfix) with ESMTP id 1F6B917349E;
	Fri, 12 Aug 2005 10:52:41 +0200 (CEST)
Received: by tatooine.tataz.chchile.org (Postfix, from userid 1000)
	id 86268405B; Fri, 12 Aug 2005 10:52:52 +0200 (CEST)
Date: Fri, 12 Aug 2005 10:52:51 +0200
From: Jeremie Le Hen <jeremie@le-hen.org>
To: Claudio Jeker <cjeker@diehard.n-r-g.com>, freebsd-net@freebsd.org,
	Steve Langdon <steve.langdon@mail.ru>
Message-ID: <20050812085251.GB45385@obiwan.tataz.chchile.org>
References: <E1E2qIp-000NEB-00.steve-langdon-mail-ru@f24.mail.ru>
	<20050810141938.GF31018@diehard.n-r-g.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050810141938.GF31018@diehard.n-r-g.com>
User-Agent: Mutt/1.5.9i
Cc: 
Subject: Re: Stranges with ARP
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Aug 2005 08:52:43 -0000

Hi Claudio, Steve,

> > While user is blocked by _our_ generated MAC! Btw, could anyone advice
> > me how to block user IP block without touching ipfw (I think to use
> > route + ``-blackhole' to that user that have no his MAC in my ARP
> > table), any ideas?

I'm just wondering why you don't want to use ipfw ?  If it is for
performance reasons, you have to know that ipfw is really fast and
is intended to be run on routers.  Have a look at this post [1].

> Come on have a look at the MAC address. d1:fa:28:ec:87:98. Ja ja ja d1.
> Remember the multicast bit of 802.11? No, its the LSB of the first octet.
> So your outgoing pings are actually multicasts.

Good catch ! :-)

[1] http://lists.freebsd.org/pipermail/freebsd-ipfw/2005-July/001934.html

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >