From owner-freebsd-questions@FreeBSD.ORG Tue May 3 03:26:06 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 06FB216A4CE for ; Tue, 3 May 2005 03:26:06 +0000 (GMT) Received: from skipjack.no-such-agency.net (skipjack.no-such-agency.net [64.142.114.146]) by mx1.FreeBSD.org (Postfix) with ESMTP id B6E3643D77 for ; Tue, 3 May 2005 03:26:05 +0000 (GMT) (envelope-from jpp@cloudview.com) Received: from skipjack.no-such-agency.net (localhost [127.0.0.1]) by skipjack.no-such-agency.net (Postfix) with ESMTP id 6E45D34DA11; Mon, 2 May 2005 20:26:05 -0700 (PDT) Received: from [192.168.2.120] (blackhole.no-such-agency.net [64.142.103.196]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by skipjack.no-such-agency.net (Postfix) with ESMTP id BF47534D435; Mon, 2 May 2005 20:26:04 -0700 (PDT) Message-ID: <4276EF4B.8000305@cloudview.com> Date: Mon, 02 May 2005 20:26:03 -0700 From: John Pettitt User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: faisal gillani References: <20050503031357.69849.qmail@web51108.mail.yahoo.com> In-Reply-To: <20050503031357.69849.qmail@web51108.mail.yahoo.com> X-Enigmail-Version: 0.90.1.1 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-AV-Checked: by skipjack cc: FreeBSD Subject: Re: blocking MAC address with ipfw ? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 May 2005 03:26:06 -0000 faisal gillani wrote: > faisal gillani wrote: > >how can i block a MAC address with ipfw ? >can you share the syntax please ? > > >thanks > man ipfw reveals ... { MAC | mac } dst-mac src-mac Match packets with a given dst-mac and src-mac addresses, speci- fied as the any keyword (matching any MAC address), or six groups of hex digits separated by colons, and optionally followed by a mask indicating the significant bits. The mask may be specified using either of the following methods: 1. A slash (/) followed by the number of significant bits. For example, an address with 33 significant bits could be specified as: MAC 10:20:30:40:50:60/33 any 2. An ampersand (&) followed by a bitmask specified as six groups of hex digits separated by colons. For example, an address in which the last 16 bits are significant could be specified as: MAC 10:20:30:40:50:60&00:00:00:00:ff:ff any Note that the ampersand character has a special meaning in many shells and should generally be escaped. Note that the order of MAC addresses (destination first, source second) is the same as on the wire, but the opposite of the one used for IP addresses. So ipfw add 999 deny MAC any 10:20:30:40:50:60/33 would be a valid rule. > > >*º¤., ¸¸,.¤º*¨¨¨*¤ Allah-hu-Akber*º¤., ¸¸,.¤º*¨¨*¤ > God is the Greatest > > > > >__________________________________ >Do you Yahoo!? >Yahoo! Mail - now with 250MB free storage. Learn more. >http://info.mail.yahoo.com/mail_250 >_______________________________________________ >freebsd-questions@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-questions >To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > > >