From owner-freebsd-net@FreeBSD.ORG Sun Aug 5 16:24:55 2012
Date: Mon, 6 Aug 2012 02:24:46 +1000 (EST)
From: Ian Smith
To: h bagade
Cc: freebsd-net@freebsd.org
Subject: Re: problem with mac option on ipfw rule
Message-ID: <20120806021230.I93465@sola.nimnet.asn.au>
List-Id: Networking and TCP/IP with FreeBSD

On Sun, 5 Aug 2012 13:40:21 +0430, h bagade wrote:
> Hi all,
>
> I have a problem with setting the mac option on an ipfw rule. I want to drop all
> traffic but the traffic with a given source MAC, for example 11:22:33:44:55:66. I
> thought it would be possible using the not option to do the work, and I have
> a set of rules like this:
>
> ipfw -q add 500 set 6 skipto 501 from any to any { not mac any 11:22:33:44:55:66}
> ipfw -q add 501 set 6 drop altq test all from any to any
> ipfw -q add 500 set 6 allow all from any to any
>
> I expect it to drop traffic whose src mac is not 11:22:33:44:55:66, but it
> doesn't work! I've checked it for traffic with and without
> src-mac 11:22:33:44:55:66 and all of it is dropped!
>
> Could anyone tell me what's wrong with my understanding?
Read section 'PACKET FLOW' in ipfw(8) carefully. Apart from the need to separate out layer 3 packets before testing layer 2 headers against MAC addresses, it specifically warns about what 'not' means in that context.

Also check net.link.ether.ipfw in the SYSCTL VARIABLES section; without that set you won't see, so can't test, layer 2 packets at all.

cheers, Ian
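The following script is an added example, not code from either poster in this thread. It builds the "allow only this source MAC" ruleset the way the reply suggests: it requires net.link.ether.ipfw=1 so ipfw sees Ethernet frames at all, it splits inbound layer-2 frames off from layer-3 packets with the `layer2` option before any `mac` test, and it never uses `not mac`. The reason the original rule 500 dropped everything is that a packet handed to ipfw at layer 3 (ip_input/ip_output) carries no Ethernet header, so a `mac` option cannot match it and `not mac ...` therefore matches every such packet. The rule numbers, the set number 6 and the MAC address 11:22:33:44:55:66 are assumptions carried over from the question for illustration; the script only prints the rules unless it is run with APPLY=1 on a FreeBSD host.

```shell
#!/bin/sh
# Added example for the ipfw MAC-filtering question above; not code from the
# thread.  Rule numbers, FW_SET and ALLOWED_MAC are illustrative assumptions.
# Nothing is installed into the kernel unless APPLY=1.

ALLOWED_MAC="${ALLOWED_MAC:-11:22:33:44:55:66}"   # assumed source MAC to permit
FW_SET="${FW_SET:-6}"                             # assumed ipfw set number

# valid_mac MAC: succeed only for six colon-separated hex octets.
valid_mac() {
    hh='[0-9a-fA-F][0-9a-fA-F]'
    case "$1" in
        $hh:$hh:$hh:$hh:$hh:$hh) return 0 ;;
        *) return 1 ;;
    esac
}

# mac_filter_rules MAC: print the ruleset, one ipfw command per line.
# Order matters.  Inbound layer-2 frames jump to the MAC rules; everything
# else (layer-3 packets, which carry no Ethernet header, and outbound frames)
# is allowed by rule 110.  A frame denied at layer 2 never reaches ip_input(),
# so the layer-3 pass needs no MAC logic at all.  In 'mac dst src' the source
# address comes second, matching the 'mac any 11:22:33:44:55:66' of the post.
mac_filter_rules() {
    mac="$1"
    cat <<EOF
ipfw -q add 100 set $FW_SET skipto 1000 all from any to any layer2 in
ipfw -q add 110 set $FW_SET allow all from any to any
ipfw -q add 1000 set $FW_SET allow all from any to any mac any $mac
ipfw -q add 1010 set $FW_SET deny all from any to any
EOF
}

# layer2_filtering_enabled: true when the kernel hands Ethernet frames to ipfw.
layer2_filtering_enabled() {
    [ "$(sysctl -n net.link.ether.ipfw 2>/dev/null)" = 1 ]
}

# apply_rules MAC: validate the address, check the sysctl, then run each rule
# (sh -e stops at the first ipfw command that fails; -x echoes each one).
apply_rules() {
    if ! valid_mac "$1"; then
        echo "invalid MAC address: $1" >&2
        return 2
    fi
    if ! layer2_filtering_enabled; then
        echo "net.link.ether.ipfw is not 1; ipfw will not see layer-2 frames" >&2
        echo "enable it first: sysctl net.link.ether.ipfw=1" >&2
        return 3
    fi
    mac_filter_rules "$1" | sh -e -x
}

if [ "${APPLY:-0}" = 1 ]; then
    apply_rules "$ALLOWED_MAC"
else
    # Dry run: show the rules that would be installed.
    mac_filter_rules "$ALLOWED_MAC"
fi
```

Rule 110 is where the rest of a real layer-3 policy belongs; here it simply allows everything because the only decision being made is at layer 2. Restricting the MAC check to `layer2 in` leaves this host's own outbound frames alone, which is usually what is wanted when the goal is to admit traffic only from one known station.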