From owner-freebsd-security Fri Dec 28 14:52:49 2001
Delivered-To: freebsd-security@freebsd.org
Received: from nms2.ggamaur.net (nms2.ggamaur.net [213.160.40.14]) by hub.freebsd.org (Postfix) with ESMTP id 9C09637B426 for ; Fri, 28 Dec 2001 14:52:42 -0800 (PST)
Received: from merlin (c-213-160-32-54.customer.ggaweb.ch [213.160.32.54]) by nms2.ggamaur.net (8.11.3/8.11.3) with SMTP id fBSMqZ329961 for ; Fri, 28 Dec 2001 23:52:35 +0100 (CET) (envelope-from mail@maxlor.com)
From: "Maxlor"
To:
Subject: RE: ipfw by MAC
Date: Fri, 28 Dec 2001 23:52:31 +0100
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
In-Reply-To: <20011228114927.A43549@ke7hc.net>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

> eliminated or automated, I'd like to do so. I suppose that tying the
> firewall rules to the MAC address would be one way of doing that, but
> since that isn't supported, I'm curious if anyone has come up with a
> different way of doing it.

Couldn't such a behaviour be achieved by using the NIC name in your rules,
and the magical "me" keyword? E.g.: I have my firewall configured such that
it allows port 80 connections to it from the inside, but disallows them
from the outside (dc0 is my outside NIC, ed0 is my inside NIC):

...
ipfw add 10000 allow tcp from any to me 80 via ed0
...
ipfw add 60000 deny ip from any to any

Also, the "in" and "out" keywords can help shape the traffic the way you
want.

Have a lot of fun,
Maxlor
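The interface-based approach Maxlor sketches above, worked into a small complete ruleset as an added example (this is not code from the post or from the FreeBSD project). It keeps the post's interface names (dc0 outside, ed0 inside) and its two rule numbers; the other rule numbers, the loopback and anti-spoofing rules, the logged deny on the outside interface and the `IPFW_DRY_RUN` switch are assumptions chosen for illustration. The script uses only standard ipfw syntax (`add`, `allow`, `deny log`, `me`, `in via`, `out`, `established`, `-f flush`).

```shell
#!/bin/sh
# Added example, not from the mailing-list post: an ipfw ruleset that
# distinguishes hosts by the interface their packets arrive on.
# Interface names follow the post (dc0 outside, ed0 inside); everything
# else is an assumption made for illustration.
#
# Set IPFW_DRY_RUN=1 to print the ipfw commands instead of running them,
# which lets the generated set be reviewed on a box without ipfw.

OUTSIDE_IF="${OUTSIDE_IF:-dc0}"   # external NIC (from the post)
INSIDE_IF="${INSIDE_IF:-ed0}"     # internal NIC (from the post)

# run_ipfw wraps the ipfw binary so the ruleset can be reviewed offline.
run_ipfw() {
    if [ "${IPFW_DRY_RUN:-0}" = "1" ]; then
        printf 'ipfw %s\n' "$*"
    else
        /sbin/ipfw "$@"
    fi
}

# build_ruleset emits the rules in order. "in via <if>" is used instead
# of a bare "via <if>": "via" alone matches packets entering OR leaving
# that interface, while "in via" only matches traffic arriving on it.
build_ruleset() {
    run_ipfw -f flush
    # Loopback traffic, plus refusing loopback addresses on the wire.
    run_ipfw add 100 allow ip from any to any via lo0
    run_ipfw add 200 deny ip from any to 127.0.0.0/8
    run_ipfw add 300 deny ip from 127.0.0.0/8 to any
    # Web server on the firewall reachable only through the inside NIC.
    run_ipfw add 10000 allow tcp from any to me 80 in via "$INSIDE_IF"
    # Same service explicitly refused and logged on the outside NIC, so
    # probes appear in the firewall log (needs net.inet.ip.fw.verbose=1).
    run_ipfw add 10100 deny log tcp from any to me 80 in via "$OUTSIDE_IF"
    # Let the firewall open its own TCP connections and get the replies.
    run_ipfw add 20000 allow tcp from me to any out
    run_ipfw add 20100 allow tcp from any to me established
    # Default deny, as in the post.
    run_ipfw add 60000 deny ip from any to any
}

# count_rules prints how many "add" commands a dry run produces; a quick
# sanity check before loading the set on a real machine.
count_rules() {
    ( IPFW_DRY_RUN=1; build_ruleset ) | grep -c '^ipfw add '
}

# dry_run_rules prints the whole generated ruleset without touching ipfw.
dry_run_rules() {
    ( IPFW_DRY_RUN=1; build_ruleset )
}

if [ "${1:-}" = "--dry-run" ]; then
    dry_run_rules
fi
```

Run it as `sh ipfw-by-interface.sh --dry-run` to inspect the commands, and without the flag (as root on the FreeBSD host) to load them. The point a practitioner should take from it is the caveat in `build_ruleset`: the post's `via ed0` also matches packets going out through ed0, so when the intent is "only connections that came in on the inside NIC", `in via` is the tighter match.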