Date: Tue, 25 May 2004 20:19:05 +0200 From: Christian Hiris <4711@chello.at> To: freebsd-questions@freebsd.org Cc: "Elijah A.Chancey" <sysadmin@netlinkip.com> Subject: Re: IPFW2 Mac Address Filtering Message-ID: <200405252019.16593.4711@chello.at> In-Reply-To: <48AEC8F6-AE64-11D8-A8D9-000A957911BA@netlinkip.com> References: <48AEC8F6-AE64-11D8-A8D9-000A957911BA@netlinkip.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Boundary-02=_k44sAIJGw0GAIdC
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
On Tuesday 25 May 2004 17:57, Elijah A.Chancey wrote:
> I've searched high and low, and have read many times that doing mac
> address filtering with ipfw is possible.
>
> I'm running 4.9, have recompiled the kernel with 'options ipfw2', and
> have recompiled libalias & ipfw with ipfw2 support.
>
> I've read through the man pages, and I can't make this particular rule
> work.
>
> I need to block all IP packets EXCEPT for packets coming from specific
> MAC addresses.
>
> Can anyone give me an example of specifically how I should form this
> rule?
>
> Elijah Chancey
> NetlinkIP Sysadmin
>
Don't forget to set sysctl net.link.ether.ipfw=3D1.
[...]
# eth0: MAC of firewall NIC
# eth1: MAC of NIC to allow
# eth_broadcast: broadcast address =20
eth0=3D"00:04:00:00:00:01"
eth1=3D"00:04:00:00:00:02"
eth_broadcast=3D"ff:ff:ff:ff:ff:ff"
${fwcmd} add pass MAC ${eth0} ${eth1} =20
${fwcmd} add pass MAC ${eth1} ${eth0}
${fwcmd} add pass MAC ${eth_broadcast} ${eth0}
${fwcmd} add pass MAC ${eth_broadcast} ${eth1}
[...]
regards
ch
=2D-=20
Christian Hiris <4711@chello.at> | OpenPGP KeyID 0x941B6B0B=20
OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu
--Boundary-02=_k44sAIJGw0GAIdC
Content-Type: application/pgp-signature
Content-Description: signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQBAs44kcyi/EZQbawsRArHIAKCBe2aI5LTtwH5NyD0ZN3jtFGcnmQCfR7fD
gvDxkbL5rLiSp5hJNeQAXu8=
=7wvw
-----END PGP SIGNATURE-----
--Boundary-02=_k44sAIJGw0GAIdC--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200405252019.16593.4711>