Date:      Thu, 31 Jan 2008 22:57:52 +0700
From:      Eugene Grosbein <eugen@kuzbass.ru>
To:        Szemerédy Gábor <gaborszem@eccf.su.ac.yu>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: Allowing access to IP/MAC pairs only
Message-ID:  <20080131155752.GA56720@svzserv.kemerovo.su>
In-Reply-To: <47A213DD.1060806@eccf.su.ac.yu>
References:  <47A213DD.1060806@eccf.su.ac.yu>

On Thu, Jan 31, 2008 at 10:30:53AM -0800, Szemerédy Gábor wrote:

> We have FreeBSD 6.2 machines with local subnets on the servers and would 
> like to allow access to the internet only for workstations with exact 
> IP/MAC pairs and deny access for not predefined pairs.
> Is there a solution in firewall settings?

You don't need any firewall for that.
Just use "ifconfig em0 staticarp" to disable ARP table updates
for interface em0 (replace em0 with your interface name)
and load IP/MAC pairs into the ARP table with the "arp -f arps_em0" command,
where the file named "arps_em0" contains those pairs:

10.10.10.10 00:11:22:33:44:55
10.10.10.11 00:11:22:33:44:56
10.10.10.12 00:11:22:33:44:57
 
Eugene Grosbein
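
With staticarp set, the interface no longer learns mappings on its own, so a mistyped line in the pairs file leaves that address unreachable. The following is an added example, not part of the original message or of FreeBSD: a shell function that checks a pairs file such as "arps_em0" before it is loaded with "arp -f" (the function name validate_arp_pairs and the sample file contents are assumptions made for illustration).

```sh
#!/bin/sh
# Check a file of "<ip> <mac>" lines; print one message per problem and
# return non-zero if any problem was found. Hypothetical helper name.
validate_arp_pairs() {
    awk '
    function bad(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; errors++ }
    NF == 0 { next }                          # skip blank lines
    NF < 2  { bad("expected <ip> <mac>"); next }
    {
        ip = $1; mac = tolower($2)
        # IPv4: four decimal octets, each 0..255
        ok = (split(ip, o, ".") == 4)
        for (i = 1; ok && i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
        if (!ok) { bad("invalid IPv4 address: " ip) }
        # MAC: six hex octets separated by colons
        ok = (split(mac, m, ":") == 6)
        for (i = 1; ok && i <= 6; i++)
            if (m[i] !~ /^[0-9a-f][0-9a-f]?$/) ok = 0
        if (!ok) {
            bad("invalid MAC address: " mac)
        } else if (substr(m[1], length(m[1]), 1) ~ /[13579bdf]/) {
            # low bit of the first octet set: broadcast or multicast
            bad("not a unicast MAC: " mac)
        }
        # the same IP listed twice is ambiguous
        if (ip in seen) {
            bad("duplicate IP " ip " (first on line " seen[ip] ")")
        } else {
            seen[ip] = FNR
        }
    }
    END { exit (errors > 0) }
    ' "$1"
}

# Constructed sample: pairs in the style of the message, plus two bad lines.
sample=$(mktemp)
cat > "$sample" <<'EOF'
10.10.10.10 00:11:22:33:44:55
10.10.10.11 00:11:22:33:44:56
10.10.10.11 00:11:22:33:44:57
10.10.10.300 ff:ff:ff:ff:ff:ff
EOF
validate_arp_pairs "$sample" || echo "fix the file before loading it with arp -f"
rm -f "$sample"
```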


