From owner-freebsd-questions@FreeBSD.ORG  Mon Jan 29 13:31:04 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: questions@FreeBSD.org
Delivered-To: freebsd-questions@FreeBSD.ORG
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id E2F6B16A400
	for <questions@FreeBSD.org>; Mon, 29 Jan 2007 13:31:04 +0000 (UTC)
	(envelope-from frankstaals@gmx.net)
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20])
	by mx1.freebsd.org (Postfix) with SMTP id 39E1C13C4A6
	for <questions@FreeBSD.org>; Mon, 29 Jan 2007 13:31:04 +0000 (UTC)
	(envelope-from frankstaals@gmx.net)
Received: (qmail invoked by alias); 29 Jan 2007 13:31:03 -0000
Received: from ip176-173-59-62.adsl.versatel.nl (EHLO [192.168.5.5])
	[62.59.173.176]
	by mail.gmx.net (mp051) with SMTP; 29 Jan 2007 14:31:03 +0100
X-Authenticated: #25365336
Message-ID: <45BDF715.6010703@gmx.net>
Date: Mon, 29 Jan 2007 14:31:01 +0100
From: Frank Staals <frankstaals@gmx.net>
User-Agent: Thunderbird 1.5.0.9 (X11/20070125)
MIME-Version: 1.0
To: questions@FreeBSD.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Cc: 
Subject: PF and MAC-Filtering ? 
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Jan 2007 13:31:05 -0000

I'm trying to get my FreeBSD gateway with PF firewall to only allow 
acces to my network and internet from a couple computers through MAC 
filtering. I couldn't realy find out what rules I should use; From the 
information I found on google I tried something like this but it seems 
that PF doesn't see the entrie(s) in my mac-table as a mac adres: ( only 
pasted the related rules ) :

block log

### Only allow WLAN connections from trusted Systems::
table <wlanmacs> persist file "/usr/local/etc/pf/wlanmacs"
pass in  on $wlanif from src <wlanmacs> to any keep state
pass out on $wlanif from any to src <wlanmacs> keep state

with in /usr/local/etc/pf/wlanmacs one Mac adres on each line; example:

00:0b:7b:23:33:25

As I said it doesn't seem that PF gets that it should treat the entries 
in the table as mac-adresses. How can I do that ? Or is there a better 
way to achieve the same result  ?

Regards,

-- 
-Frank Staals