From owner-freebsd-questions@FreeBSD.ORG Tue Jun 24 19:08:09 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 776B8106564A for ; Tue, 24 Jun 2008 19:08:09 +0000 (UTC) (envelope-from sfourman@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.180]) by mx1.freebsd.org (Postfix) with ESMTP id 3A3688FC15 for ; Tue, 24 Jun 2008 19:08:09 +0000 (UTC) (envelope-from sfourman@gmail.com) Received: by py-out-1112.google.com with SMTP id p76so1457521pyb.10 for ; Tue, 24 Jun 2008 12:08:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=nNYgM+aIgpbKZFbNAFIXNp3vkaVUAp6+exzjN+Lo7og=; b=joWmWNcGC2LyEc7dIEWWBSBJDPTC2a2wg3WQm5qgIR3FJsZQ7MYjeslbUPJgR2o8bV iDBDjZnJBG5t61lEsvMYRJfU2bT5Uyb/zfdjfl2qZ9ncZu8jvPfm7NWkH+cYNG7+P+8S yzNucdQTmSqd+7rEsVhM0hxrPalnmMwbrv7Xw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=ZIiR5c3Jei7T99ZaSa3ttSppiOR8SnkF75TmDoun1EZvlecPAILLi3cGDjSA5Qc+v3 USapn2U8JhhC/vTxuaO08EfFU59Rm/sIBfd5Lp15vaLxhDYRx39tr9aPr6aLmMLGSOCj P0X3jratS77qSzSQbt6lBkG8zH1M02a7SI80M= Received: by 10.141.161.6 with SMTP id n6mr15242453rvo.201.1214334488141; Tue, 24 Jun 2008 12:08:08 -0700 (PDT) Received: by 10.141.28.19 with HTTP; Tue, 24 Jun 2008 12:08:07 -0700 (PDT) Message-ID: <11167f520806241208v2f69e936lf9e61a7f74c6be85@mail.gmail.com> Date: Tue, 24 Jun 2008 14:08:07 -0500 From: sfourman@gmail.com To: "Chuck Swiger" In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <3d0101c8d61f$65630ea0$dc96eed5@ihlasnetym> Cc: Yavuz Maslak , freebsd-questions@freebsd.org Subject: Re: how to reject all mac addresses except some mac addresses using ipfw? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Jun 2008 19:08:09 -0000 would you have a working example on how to deny traffic from a mac address if it is not using a allowed ip address.. I would like to use pf On 6/24/08, Chuck Swiger wrote: > On Jun 24, 2008, at 10:26 AM, Yavuz Maslak wrote: >> 1- I want to fix an ip address for each mac address. But some pc and >> servers have more than an ip address. How can I map multiple ip >> addresses for a mac address? > > Most people use ifconfig, perhaps indirectly via /etc/rc.conf. > >> 2- I want to allow these fixed mac addresses using ipfw. After that >> I want to deny all mac address via the server's local ethernet >> card. How can I do these cases? > > Few choose to go that route, but you can disable ARP and set up /etc/ > ethers, or you could even fire up your favorite firewall (IPFW, PF, > whatever), and add allow rules for the permitted MAC addresses, and > deny all others. > > -- > -Chuck > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >