Date: Mon, 29 Jan 2007 18:13:00 +0100
From: Philipp Wuensche <cryx-freebsd@h3q.com>
To: Frank Staals <frankstaals@gmx.net>
Cc: questions@FreeBSD.org
Subject: Re: PF and MAC-Filtering ?
Message-ID: <45BE2B1C.8010302@h3q.com>
In-Reply-To: <45BDF715.6010703@gmx.net>
References: <45BDF715.6010703@gmx.net>

Frank Staals wrote:
> I'm trying to get my FreeBSD gateway with PF firewall to only allow
> access to my network and internet from a couple computers through MAC
> filtering. I couldn't really find out what rules I should use; From the
> information I found on Google I tried something like this but it seems
> that PF doesn't see the entry(ies) in my mac-table as a MAC address: ( only
> pasted the related rules ) :
>
> block log
>
> ### Only allow WLAN connections from trusted Systems::
> table <wlanmacs> persist file "/usr/local/etc/pf/wlanmacs"
> pass in on $wlanif from src <wlanmacs> to any keep state
> pass out on $wlanif from any to src <wlanmacs> keep state
>
> with in /usr/local/etc/pf/wlanmacs one MAC address on each line; example:
>
> 00:0b:7b:23:33:25
>
> As I said it doesn't seem that PF gets that it should treat the entries
> in the table as MAC addresses. How can I do that ? Or is there a better
> way to achieve the same result ?

Just filter by IP address on your gateway, it gives you the same level of
security as filtering by MAC address, and configure your base station to only
accept clients with MAC addresses you have allowed.

If you need some kind of authentication, take a look at authpf.

greetings,
philipp
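
The reply's suggestion (filter by IP address on the gateway), written out as pf rules. This is an added example, not part of the original message; the interface name, the table name, the file path /usr/local/etc/pf/wlanhosts and the addresses are assumptions, and it presumes the trusted clients keep fixed addresses (static configuration or DHCP reservations).

```pf
# pf.conf fragment (added example; names, path and addresses are assumed)

# Wireless-facing interface on the gateway (assumed name).
wlanif = "ath0"

# pf tables hold IP addresses and networks, not MAC addresses, which is
# why a file of MAC addresses is not accepted as table content.
# The file lists one address or network per line, for example
# (constructed sample values):
#   192.168.10.21
#   192.168.10.22
table <wlanhosts> persist file "/usr/local/etc/pf/wlanhosts"

# Default deny, with logging, as in the original ruleset.
block log

# Only allow WLAN traffic from and to the trusted addresses.
pass in  on $wlanif from <wlanhosts> to any keep state
pass out on $wlanif from any to <wlanhosts> keep state
```

After editing the table file, `pfctl -t wlanhosts -T replace -f /usr/local/etc/pf/wlanhosts` reloads the table without reloading the whole ruleset, and `pfctl -t wlanhosts -T show` lists what pf actually loaded.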