Date: Tue, 31 Aug 2004 21:42:11 +0200
From: Christian Hiris <4711@chello.at>
To: freebsd-questions@freebsd.org
Cc: Steve Quezadas <steve@tripperjones.com>
Subject: Re: Mac filtering with ipfw2
Message-ID: <200408312142.22683.4711@chello.at>
In-Reply-To: <001f01c48f74$aa00e460$0401a8c0@SteveWindows>
References: <001f01c48f74$aa00e460$0401a8c0@SteveWindows>

On Tuesday 31 August 2004 18:07, Steve Quezadas wrote:
> Hello,
>
> I have tried and tried and tried to get mac filtering to work with
> ipfw2. I have tried the usual sources (Google Groups, google, mailing
> list, man pages, etc). Here it goes:
>
> I basically want to allow traffic to come from one mac address. I am
> trying to get the following rule to work:
>
> ipfw add accept tcp from any to any MAC any 10:20:30:40:50:60
>
> Yes, ipfw2 is on my freebsd system. This rule is basically: "allow
> traffic from mac address 10:20:30:40:50:60 to anywhere on the
> network".
>
> What am I doing wrong?

Did you set the sysctl net.link.ether.ipfw=1? You can do this
in /etc/sysctl.conf or via the sysctl command.

If you want to establish any kind of useful communication, you need to allow
incoming and outgoing traffic for the specified MAC.

# ipfw add pass MAC any 10:20:30:40:50:60
# ipfw add pass MAC 10:20:30:40:50:60 any

To use arp requests (which are addressed to ff:ff:ff:ff:ff:ff) you need to
allow them a way out, too.

# ipfw add pass MAC any ff:ff:ff:ff:ff:ff

Cheers,
ch

-- 
Christian Hiris <4711@chello.at> | OpenPGP KeyID 0x941B6B0B
OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu
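
Added example, not part of Christian Hiris's message: a POSIX shell helper that validates a MAC address and prints the sysctl and ipfw commands discussed above so they can be reviewed before being run as root. The function names are hypothetical, and the broadcast rule follows the `MAC dst-mac src-mac` argument order documented in ipfw(8), which puts ff:ff:ff:ff:ff:ff in the destination position.

```shell
#!/bin/sh
# Added example: print the layer-2 allow rules for one MAC address.
# Nothing is executed against the firewall; the output is a command list.

# Accept exactly six colon-separated hex octets, so that no other text
# can end up on an ipfw command line.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Emit the sysctl that hands Ethernet frames to ipfw, then one rule per
# direction for the host, then a rule for frames sent to broadcast (ARP).
# ipfw(8) syntax is "MAC dst-mac src-mac": destination first, source second.
mac_allow_rules() {
    mac=$1
    valid_mac "$mac" || { echo "invalid MAC address: $mac" >&2; return 1; }
    mac=$(printf '%s' "$mac" | tr 'A-F' 'a-f')   # normalise case
    cat <<EOF
sysctl net.link.ether.ipfw=1
ipfw add pass MAC any $mac
ipfw add pass MAC $mac any
ipfw add pass MAC ff:ff:ff:ff:ff:ff any
EOF
}

# Constructed sample input: the MAC address used in the thread.
mac_allow_rules "${1:-10:20:30:40:50:60}"
```

To keep the sysctl across reboots, put `net.link.ether.ipfw=1` in /etc/sysctl.conf, as the reply says.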