Date: Tue, 31 Aug 2004 21:42:11 +0200
From: Christian Hiris <4711@chello.at>
To: freebsd-questions@freebsd.org
Cc: Steve Quezadas <steve@tripperjones.com>
Subject: Re: Mac filtering with ipfw2
Message-ID: <200408312142.22683.4711@chello.at>
In-Reply-To: <001f01c48f74$aa00e460$0401a8c0@SteveWindows>
References: <001f01c48f74$aa00e460$0401a8c0@SteveWindows>

On Tuesday 31 August 2004 18:07, Steve Quezadas wrote:
> Hello,
>
> I have tried and tried and tried to get mac filtering to work with
> ipfw2. I have tried the usual sources (Google Groups, google, mailing
> list, man pages, etc). Here it goes:
>
> I basically want to allow traffic to come from one mac address. I am
> trying to get the following rule to work:
>
> ipfw add accept tcp from any to any MAC any 10:20:30:40:50:60
>
> Yes, ipfw2 is on my freebsd system. This rule is basically: "allow
> traffic from mac address 10:20:30:40:50:60 to anywhere on the
> network".
>
> What am I doing wrong?

Did you set the sysctl net.link.ether.ipfw=1? You can do this
in /etc/sysctl.conf or via the sysctl command.

If you want to establish any kind of useful communication, you need to
allow incoming and outgoing traffic for the specified MAC.

# ipfw add pass MAC any 10:20:30:40:50:60
# ipfw add pass MAC 10:20:30:40:50:60 any

To use arp requests (which are addressed to ff:ff:ff:ff:ff:ff) you need
to allow them a way out, too.

# ipfw add pass MAC any ff:ff:ff:ff:ff:ff

Cheers,
ch

--
Christian Hiris <4711@chello.at> | OpenPGP KeyID 0x941B6B0B
OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu
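
Added example (not part of the original message, and a toy model rather than ipfw itself): the Python sketch below evaluates MAC rules against constructed frames to show which direction each rule covers. It assumes the operand order documented in ipfw(8), destination MAC first and source second, a default-deny final rule, and a made-up peer address `GW`; it models only the layer-2 pass.

```python
# Added example: a toy model of ipfw layer-2 matching, not ipfw itself.
# Per ipfw(8), "MAC dst-mac src-mac" takes the destination first, source second.
HOST = "10:20:30:40:50:60"      # MAC from the thread
GW = "00:aa:bb:cc:dd:01"        # constructed: some other station on the LAN
BCAST = "ff:ff:ff:ff:ff:ff"

def parse_rule(text):
    """Turn 'pass MAC <dst> <src>' into (action, dst, src)."""
    action, keyword, dst, src = text.split()
    if keyword.upper() != "MAC":
        raise ValueError("only MAC rules are modelled")
    return action, dst.lower(), src.lower()

def verdict(rules, dst, src, default="deny"):
    """First matching rule wins; otherwise the default rule (assumed deny)."""
    for action, r_dst, r_src in map(parse_rule, rules):
        if r_dst in ("any", dst) and r_src in ("any", src):
            return action
    return default

# Constructed sample frames: (description, dst, src)
FRAMES = [
    ("host ARP request", BCAST, HOST),
    ("reply to host", HOST, GW),
    ("host unicast out", GW, HOST),
    ("peer ARP request", BCAST, GW),
]

ONE_WAY = ["pass MAC any " + HOST]                      # src = host only
BOTH_WAYS = ONE_WAY + ["pass MAC " + HOST + " any"]     # adds dst = host
BCAST_SRC = BOTH_WAYS + ["pass MAC any " + BCAST]       # broadcast in src slot
BCAST_DST = BOTH_WAYS + ["pass MAC " + BCAST + " any"]  # broadcast in dst slot

def table(rules):
    """Map each sample frame's description to the verdict under `rules`."""
    return {name: verdict(rules, dst, src) for name, dst, src in FRAMES}

if __name__ == "__main__":
    for label, rules in [("one-way", ONE_WAY), ("both ways", BOTH_WAYS),
                         ("bcast as src", BCAST_SRC), ("bcast as dst", BCAST_DST)]:
        print(label, table(rules))
```

In this model a broadcast address in the second slot is compared against the frame's source, so only the `BCAST_DST` form admits ARP requests sent by other stations; the host's own ARP requests are already covered by the source-MAC rule.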
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200408312142.22683.4711>
