From owner-freebsd-stable@FreeBSD.ORG  Thu Jan 31 11:05:23 2008
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 6C80C16A41A
	for <freebsd-stable@freebsd.org>; Thu, 31 Jan 2008 11:05:23 +0000 (UTC)
	(envelope-from rb@gid.co.uk)
Received: from gidgate.gid.co.uk (gid.co.uk [194.32.164.225])
	by mx1.freebsd.org (Postfix) with ESMTP id D3E5C13C44B
	for <freebsd-stable@freebsd.org>; Thu, 31 Jan 2008 11:05:22 +0000 (UTC)
	(envelope-from rb@gid.co.uk)
Received: from rbPBP.gid.co.uk (host-83-146-60-88.dslgb.com [83.146.60.88])
	by gidgate.gid.co.uk (8.13.8/8.13.8) with ESMTP id m0VAoPsn038143;
	Thu, 31 Jan 2008 10:50:25 GMT (envelope-from rb@gid.co.uk)
Message-Id: <53A7C877-8199-41C7-BAC5-C4F7E460B9D0@gid.co.uk>
From: Bob Bishop <rb@gid.co.uk>
To: =?ISO-8859-1?Q?Szemer=E9dy_G=E1bor?= <gaborszem@eccf.su.ac.yu>
In-Reply-To: <47A213DD.1060806@eccf.su.ac.yu>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed; delsp=yes
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Apple Message framework v915)
Date: Thu, 31 Jan 2008 10:50:21 +0000
References: <47A213DD.1060806@eccf.su.ac.yu>
X-Mailer: Apple Mail (2.915)
Cc: freebsd-stable@freebsd.org
Subject: Re: Allowing access to IP/MAC pairs only
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Jan 2008 11:05:23 -0000

Hi,

On 31 Jan 2008, at 18:30, Szemer=E9dy G=E1bor wrote:

> Hello list!
> We have feeBSD 6.2 machines with local subnets on the servers and =20
> would like to allow access to the internet only for workstations =20
> with exact IP/MAC pairs and deny access for not predefined pairs.
> Is there a solution in firewall settings?

In ipfw, something like:

allow ip from <ip A> to any mac any <mac of ip A>
allow ip from <ip B> to any mac any <mac of ip B>
...
deny ip from any to any

Beware that MAC addresses are given in the order dest, src.

--
Bob Bishop          +44 (0)118 940 1243
rb@gid.co.uk fax +44 (0)118 940 1295