Date:      19 Apr 2003 10:07:07 +0200
From:      "clemens fischer" <ino-qc@spotteswoode.de.eu.org>
To:        freebsd-ipfw@freebsd.org
Subject:   Re: [Q-4.8-R] Can Anyone Help With Questions About MAC Filtering and IPFW2 ?
Message-ID:  <wuhqud04.fsf@ID-23066.news.dfncis.de>
In-Reply-To: <Sea2-DAV53hsKd6QR7j00000b77@hotmail.com> (The Jetman's message of "Fri, 18 Apr 2003 17:47:50 -0400")
References:  <Sea2-DAV53hsKd6QR7j00000b77@hotmail.com>

"The Jetman" <jetman516@hotmail.com>:

>     I'm using 4.8-RELEASE to implement MAC-filtering bridge for my 
> wireless network.  Altho I am relatively new w/ FBSD (since Apr '02), 
> I've been getting the desired results writing my own rules for IPFW.  My 
> 1st attempt w/ IPFW2 was successful, but I can't figure out why !

please (i) check the packet flow picture in the man page, (ii) post
your rules with variables substituted, (iii) post the original rules
from "a guy showed his 1st effort" and (iv) your working ipfw1 rules,
unless this gets to be several hundred lines, of course.  also,
there's no information on the structure of your network.

  "The recv interface can be tested on either incoming or outgoing
  packets, while the xmit interface can only be tested on outgoing
  packets.  So out is required (and in is invalid) whenever xmit is
  used.

  A packet may not have a receive or transmit interface: packets
  originating from the local host have no receive interface, while
  packets destined for the local host have no transmit interface."

> (3) ${fwcmd} add allow ${ipanyany}

(3) is dangerous if you don't understand the matching!  there's no
anti-spoofing.

  clemens
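
Added example, not part of the message above and not the poster's rules: a sketch of anti-spoofing checks placed ahead of a catch-all allow like rule (3), with a helper that enforces the quoted man page restriction on xmit. The interface names, the address range, the rule numbers and the helper names are assumptions, as is the premise that wireless clients use a range wired hosts never use.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run: rules are printed, not loaded.
# Use fwcmd="/sbin/ipfw -q" to install them.
fwcmd="echo ipfw"

# Assumed values (hypothetical, the post does not describe the network):
wlan_if="wi0"                 # interface facing the wireless clients
lan_if="fxp0"                 # interface facing the wired network
wlan_net="192.168.10.0/24"    # range used only by wireless clients

# Enforce the man page text quoted above: "out is required (and in is
# invalid) whenever xmit is used". Returns 0 if the rule words are consistent.
check_iface_opts() {
    case " $* " in
        *" xmit "*) ;;            # xmit present: check direction below
        *) return 0 ;;            # no xmit: recv works with in or out
    esac
    case " $* " in
        *" in "*) return 1 ;;     # in + xmit can never match
        *" out "*) return 0 ;;
    esac
    return 1                      # xmit without an explicit out
}

# Add one rule, refusing combinations the man page calls invalid.
add_rule() {
    if ! check_iface_opts "$@"; then
        echo "rejected: xmit requires out: $*" >&2
        return 1
    fi
    ${fwcmd} add "$@"
}

# Anti-spoofing checks placed ahead of a catch-all allow like rule (3).
antispoof_rules() {
    # Wireless side: only wireless-range source addresses may arrive here.
    add_rule 100 deny ip from not "${wlan_net}" to any in recv "${wlan_if}"
    # Wired side: nothing arriving here may claim a wireless-range source.
    add_rule 110 deny ip from "${wlan_net}" to any in recv "${lan_if}"
    # The catch-all now only sees packets that passed both checks.
    add_rule 65000 allow ip from any to any
}

antispoof_rules
```

Clients that obtain addresses by DHCP send their first requests from 0.0.0.0, so a ruleset like this needs an explicit allow for that traffic ahead of rule 100.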


