From owner-freebsd-questions  Fri Apr 27 16:53:37 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from Spaz.HuntsvilleAL.COM (spaz.huntsvilleal.com [63.147.8.31])
	by hub.freebsd.org (Postfix) with ESMTP id 8757A37B42C
	for <freebsd-questions@FreeBSD.ORG>; Fri, 27 Apr 2001 16:53:34 -0700 (PDT)
	(envelope-from kris@catonic.net)
Received: from localhost (kris@localhost)
	by Spaz.HuntsvilleAL.COM (8.11.3/8.11.3) with ESMTP id f3RNrUt80532;
	Fri, 27 Apr 2001 23:53:30 GMT
Date: Fri, 27 Apr 2001 23:53:30 +0000 (GMT)
From: Kris Kirby <kris@catonic.net>
X-Sender: kris@spaz.huntsvilleal.com
To: Rick Duvall <maillist@coastsight.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW and MAC Addresses
In-Reply-To: <Pine.BSF.4.21.0104271627330.46277-100000@ns1.coastsight.com>
Message-ID: <Pine.BSF.4.21.0104272351550.78554-100000@spaz.huntsvilleal.com>
X-Tech-Support-Email: bofh@catonic.net
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, 27 Apr 2001, Rick Duvall wrote:
> Is there a way to do IPFW on a MAC Address level?  What I am wanting is to
> only allow certain NIC's to pass packets to the Internet, as long as those
> specific NICs have a certain IP address.

How about this:

Load the kernel's arp cache with fixed entries per MAC linking the MAC to
the IP (until a flush) then IPFW the flow. Unless they can impersonate the
MAC address, they won't be able to use that IP. 

-----
Kris Kirby, KE4AHR          | TGIFreeBSD... 'Nuff said.
<kris@nospam.catonic.net>   |    
-------------------------------------------------------
"Fate, it seems, is not without a sense of irony."


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message