Date: Fri, 28 Feb 2003 19:35:12 +0000
From: "Neil Long" <neil.long@computing-services.oxford.ac.uk>
To: freebsd-stable@freebsd.org
Subject: IPFW2 MAC restrictions and packet forwarding
Message-ID: <1030228193513.ZM14859@ratbert.oucs.ox.ac.uk>

Hi,

4.7-Release from CD, kernel rebuilt with IPFIREWALL, IPFW2, IPFILTER (ipfw and libalias built with IPFW2=TRUE).

Does anyone have any example ipfw command sets to show how to limit access on one interface to specific incoming MACs, i.e. I want to allow IPs incoming on ed0 to exit ed1 NATed as the IP on ed1 (ipnat is the easy bit).

(ipnat is running and I set sysctl net.inet.ip.forwarding=1 net.link.ether.ipfw=1)

It works with an open-type ipfw list, but I haven't been able to figure out all the MAC-based rules that are needed as soon as I apply a default deny on ed0.

Are net.link.ether.bridge_ipfw=1 and bridge.ko needed?

I think the problem is my complete lack of understanding as to the layer2 rules (and even MAC any any layer2 type invocations are not scoring any hits).

I guess I would just like to hear from someone that such a scenario does work on 4.7 :-)

Thanks,
Neil

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dr Neil J Long, Computing Services, University of Oxford
13 Banbury Road, Oxford, OX2 6NN, UK
Tel:+44 1865 273232 Fax:+44 1865 273275
EMail: Neil.Long@computing-services.oxford.ac.uk PGP: ID 0xE88EF71F
OxCERT: oxcert@ox.ac.uk PGP: ID 0x9FF898D5

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message