From owner-freebsd-security  Sun May  5  6:15:44 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20])
	by hub.freebsd.org (Postfix) with SMTP id 410F537B409
	for <security@FreeBSD.ORG>; Sun,  5 May 2002 06:15:30 -0700 (PDT)
Received: (qmail 13329 invoked by uid 0); 5 May 2002 13:15:28 -0000
Received: from p50910363.dip0.t-ipconnect.de (HELO mail.gsinet.sittig.org) (80.145.3.99)
  by mail.gmx.net (mp007-rz3) with SMTP; 5 May 2002 13:15:28 -0000
Received: (qmail 81440 invoked from network); 5 May 2002 10:21:42 -0000
Received: from shell.gsinet.sittig.org (192.168.11.153)
  by mail.gsinet.sittig.org with SMTP; 5 May 2002 10:21:42 -0000
Received: (from sittig@localhost)
	by shell.gsinet.sittig.org (8.11.3/8.11.3) id g45ALgG81436
	for security@FreeBSD.ORG; Sun, 5 May 2002 12:21:42 +0200 (CEST)
	(envelope-from sittig)
Date: Sun, 5 May 2002 12:21:42 +0200
From: Gerhard Sittig <Gerhard.Sittig@gmx.net>
To: security@FreeBSD.ORG
Subject: Re: fixed IP <-> MAC assignment (was: ipfw)
Message-ID: <20020505122142.W1494@shell.gsinet.sittig.org>
Mail-Followup-To: security@FreeBSD.ORG
References: <F93OUDxTcg2yWsqdiDu00006aa0@hotmail.com> <20020505135655.A320@grosbein.pp.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20020505135655.A320@grosbein.pp.ru>; from eugen@D00015.dialonly.kemerovo.su on Sun, May 05, 2002 at 01:56:55PM +0800
Organization: System Defenestrators Inc.
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Sun, May 05, 2002 at 13:56 +0800, Eugene Grosbein wrote:
> 
> On Sat, May 04, 2002 at 08:36:52PM -0700, William J. Borskey wrote:
> 
> > is it possible to write rules for ipfw using ethernet addresses instead of 
> > ip addresses?
> 
> You can have frozen ARP table and use ip addresses for ipfw
> to achieve the same effect. Check this out:
> http://www.FreeBSD.org/cgi/query-pr.cgi?pr=kern/36373

Do you want to followup to PR conf/23063 which has the rc.network
stuff to setup the static ARP table?  In its current form it
completely turns off ARP for the interface.  You might want to
do the sysctl operation instead.


virtually yours   82D1 9B9C 01DC 4FB4 D7B4  61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
-- 
     If you don't understand or are scared by any of the above
             ask your parents or an adult to help you.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message