Date: Mon, 15 Aug 2005 17:39:51 -0500
From: Greg Barniskis <nalists@scls.lib.wi.us>
To: freebsd-questions@freebsd.org
Cc: vladone <vladone@spaingsm.com>
Subject: Re: i can't block win98 computers
Message-ID: <430119B7.6040409@scls.lib.wi.us>
In-Reply-To: <20050815211711.GB70491@slackbox.xs4all.nl>
References: <534500571.20050815232810@spaingsm.com> <20050815211711.GB70491@slackbox.xs4all.nl>

Roland Smith wrote:
> On Mon, Aug 15, 2005 at 11:28:10PM +0300, vladone wrote:
>
>>Hi!
>>I try to block some computers from accessing my gateway based on MAC
>>address.
>>I use this ipfw rule:
>> ipfw add 100 deny mac any xx:yy:aa:bb:cc:dd in via $private_interface
>>With this I can block XP computers, but it does not work with Win98. I don't
>>understand what has happened!
>
>
> As the ipfw manpage states, you can filter on layer-2 header fields (of
> which the MAC address is one) _where available_.
>
> It could be that Win98 doesn't correctly list the MAC address in the
> packets. You could try using tcpdump to check the packets.
>
> Roland

I think you could correct this problem by reversing the rule
construction. Instead of denying all the bad MACs, create rules that
permit all the good MACs and that deny all other traffic. All packets
with unidentified MACs would then get dropped.

Of course, this won't work if you have some Win98 boxes that you'd
like to pass, and some that you'd like to drop.

Otherwise, maybe you could fix the problem by installing FreeBSD on
all the Win98 machines. 8)

-- 
Greg Barniskis, Computer Systems Integrator
South Central Library System (SCLS)
Library Interchange Network (LINK)
<gregb at scls.lib.wi.us>, (608) 266-6348
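
Added example, not part of the original message or of the ipfw project: a sketch of the permit-known-MACs, deny-the-rest ruleset suggested above, generated by a small sh function. The interface name fxp1, the rule numbers and the MAC addresses are constructed; the `layer2` keyword and the net.link.ether.ipfw sysctl come from ipfw(8), not from this thread.

```shell
#!/bin/sh
# Added example: build an ipfw MAC allowlist (permit known, drop the rest).
# Interface name, rule numbers and MAC addresses are constructed.
# Layer-2 rules are only evaluated when: sysctl net.link.ether.ipfw=1

# gen_mac_allowlist IFACE MAC...
# Prints the ipfw commands; prints nothing and returns 1 if any MAC is
# malformed or repeated, so a typo never yields a partial ruleset.
gen_mac_allowlist() {
    iface=$1; shift
    [ -n "$iface" ] && [ "$#" -gt 0 ] || return 1
    rules=""
    seen=" "
    num=100
    for mac in "$@"; do
        mac=$(printf '%s' "$mac" | tr 'A-F' 'a-f')
        # exactly six colon-separated hex octets
        printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
        case "$seen" in *" $mac "*) return 1 ;; esac
        seen="$seen$mac "
        # ipfw syntax is "mac <dst> <src>": any destination, this source
        rules="${rules}ipfw add $num allow mac any $mac in via $iface layer2
"
        num=$((num + 10))
    done
    # Everything else arriving at layer 2 on this interface is dropped.
    # "layer2" keeps this rule off the later IP-level pass, where no
    # MAC header is available to match the allow rules above.
    rules="${rules}ipfw add $num deny all from any to any in via $iface layer2
"
    printf '%s' "$rules"
}

# Constructed sample: two permitted hosts on the private interface.
gen_mac_allowlist fxp1 00:11:22:33:44:55 00:AA:BB:CC:DD:EE
```

Review the printed commands before loading them, and keep console access to the gateway in case the list is missing a host you need.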