From: "clemens fischer"
To: freebsd-ipfw@freebsd.org
Date: 19 Apr 2003 10:07:07 +0200
In-Reply-To: (The Jetman's message of "Fri, 18 Apr 2003 17:47:50 -0400")
Subject: Re: [Q-4.8-R] Can Anyone Help With Questions About MAC Filtering and IPFW2 ?

"The Jetman" :

> I'm using 4.8-RELEASE to implement MAC-filtering bridge for my
> wireless network. Altho I am relatively new w/ FBSD (since Apr '02),
> I've been getting the desired results writing my own rules for IPFW. My
> 1st attempt w/ IPFW2 was successful, but I can't figure out why !

please (i) check the packet flow picture in the man page, (ii) post
your rules with variables substituted, (iii) post the original rules
from "a guy showed his 1st effort" and (iv) your working ipfw1 rules,
unless this gets to be several hundred lines, of course. also, there's
no information on the structure of your network.

  "The recv interface can be tested on either incoming or outgoing
  packets, while the xmit interface can only be tested on outgoing
  packets. So out is required (and in is invalid) whenever xmit is
  used. A packet may not have a receive or transmit interface: packets
  originating from the local host have no receive interface, while
  packets destined for the local host have no transmit interface."

> (3) ${fwcmd} add allow ${ipanyany}

(3) is dangerous if you don't understand the matching! there's no
anti-spoofing.

clemens
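
The man page paragraph quoted in the message above and the anti-spoofing remark about rule (3), as an added example that is not part of the original post or of the FreeBSD rc.firewall: a shell fragment that rejects rules using xmit without out and prints two anti-spoofing rules intended to precede a catch-all allow. The interface names wi0 and fxp0, the subnet 192.168.1.0/24, the rule numbers, the FWCMD variable and the helpers check_rule, add_rule and emit_antispoof are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: wi0 = wireless side,
# fxp0 = wired side, 192.168.1.0/24 = wireless clients; rule numbers are arbitrary.
fwcmd="${FWCMD:-echo ipfw}"   # dry run by default; FWCMD=/sbin/ipfw loads the rules
wif="wi0"
lif="fxp0"
wnet="192.168.1.0/24"

# check_rule BODY: the constraint from the man page text quoted above.
# Returns 0 when the interface options are consistent, 1 otherwise.
check_rule() {
    case " $1 " in
        *" xmit "*)
            case " $1 " in
                *" in "*)  return 1 ;;   # in is invalid whenever xmit is used
                *" out "*) return 0 ;;   # out is required whenever xmit is used
                *)         return 1 ;;
            esac ;;
    esac
    return 0
}

# add_rule NUMBER BODY: lint the rule, then hand it to ${fwcmd}.
add_rule() {
    if ! check_rule "$2"; then
        echo "rule $1 rejected (xmit requires out): $2" >&2
        return 1
    fi
    ${fwcmd} add "$1" $2    # $2 is left unquoted on purpose so it splits into words
}

# Anti-spoofing rules meant to sit ahead of a catch-all allow such as (3):
# a source address is accepted only on the interface its network lives on.
# Clients that have no address yet (DHCP, source 0.0.0.0) need an earlier exception.
emit_antispoof() {
    add_rule 100 "deny ip from ${wnet} to any in recv ${lif}" &&
    add_rule 110 "deny ip from not ${wnet} to any in recv ${wif}"
}

emit_antispoof
```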