On Tuesday, 21. February 2006 15:12, Cesar wrote:
> Hi,
>
> I wanted to finish my firewall rules doing a "deny all from any to any",
> but I can't do that with mac filtering at the same time. Let me explain.
>
> Since I use ipfw mac filter, I have the sysctl variable
> "net.link.ether.ipfw: 1";
>
> My FreeBSD box has the IP 10.0.0.1 and my Windows box 10.0.0.2.
>
> An example of my rules:
>
> 00001 0 0 allow ip from 10.0.0.2 MAC any 00:13:20:27:80:d6 any
> 00002 0 0 allow ip from any to 10.0.0.2 MAC 00:13:20:27:80:d6 any
> 65535 0 0 allow ip from any to any
>
> This works fine, the rules 1 and 2 get some match when I do ping from
> Windows box to FreeBSD.
> After this test, I added the rule "65534 0 0 deny ip from any to any".
> It still works, but after some time if I have no traffic from 10.0.0.2,
> FreeBSD appears to remove the arp entry for that IP, if I do an "arp -a", I
> get:
>
> ? (10.0.0.1) at 00:08:54:29:ff:17 on xl0 [ethernet]
Set up rules that allow arp broadcasts like:

ipfw add pass MAC any ff:ff:ff:ff:ff:ff
ipfw add pass MAC ff:ff:ff:ff:ff:ff any

Cheers
ch
-- 
Christian Hiris <[EMAIL PROTECTED]> | OpenPGP KeyID 0x3BCA53BE
OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu
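The complete ruleset the reply implies, written out as an added example (not posted by either participant): the two broadcast-MAC pass rules for ARP, the per-host MAC-pinned allow rules from Cesar's message, and the catch-all deny last. The interface name (xl0), host address (10.0.0.2) and MAC (00:13:20:27:80:d6) are taken from the thread; the rule numbers and the DRY_RUN switch are this example's own choices. The script only prints the rules unless DRY_RUN=0, so it can be inspected on a machine without ipfw.

```shell
#!/bin/sh
# Added example: ipfw MAC filtering plus a final deny, with ARP kept alive.
# Constructed assumptions: interface xl0, trusted host 10.0.0.2 with MAC
# 00:13:20:27:80:d6 (values from the thread), rule numbers chosen here.
IFACE="${IFACE:-xl0}"
HOST_IP="${HOST_IP:-10.0.0.2}"
HOST_MAC="${HOST_MAC:-00:13:20:27:80:d6}"
BCAST="ff:ff:ff:ff:ff:ff"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print only, 0 = load into the kernel

# Emit the ordered ruleset. ipfw evaluates rules in ascending number order,
# so the broadcast-MAC pass rules (ARP requests go to ff:ff:ff:ff:ff:ff)
# must carry lower numbers than the catch-all deny, otherwise the deny
# eats ARP and the neighbour entry for 10.0.0.2 expires, as in the thread.
# MAC syntax is "MAC dst-mac src-mac", so rule 200 pins the source MAC of
# frames from 10.0.0.2 and rule 210 pins the destination MAC of frames to it.
build_rules() {
    cat <<EOF
add 100 pass MAC any $BCAST
add 110 pass MAC $BCAST any
add 200 allow ip from $HOST_IP to any MAC any $HOST_MAC
add 210 allow ip from any to $HOST_IP MAC $HOST_MAC any
add 65000 deny ip from any to any
EOF
}

# Sanity check: every pass rule for the broadcast MAC must be numbered
# below the first deny, or ARP is blocked again. Returns 0 when ordering
# is correct, 1 otherwise.
check_order() {
    deny_no=$(build_rules | awk '$3 == "deny" { print $2; exit }')
    build_rules | awk -v d="$deny_no" '
        $3 == "pass" && /ff:ff:ff:ff:ff:ff/ && $2 >= d { bad = 1 }
        END { exit bad }'
}

# Number of "add" lines the generator produces (used by the self-check).
rule_count() {
    build_rules | grep -c '^add '
}

# Either print the rules (dry run) or enable layer-2 filtering, flush the
# existing set and load the new rules one line at a time.
apply_rules() {
    check_order || { echo "refusing to load: deny precedes ARP rules" >&2; return 1; }
    if [ "$DRY_RUN" = "1" ]; then
        build_rules
        return 0
    fi
    sysctl net.link.ether.ipfw=1
    ipfw -q flush
    build_rules | while read -r line; do
        # shellcheck disable=SC2086  # word splitting of the rule is intended
        ipfw -q $line
    done
}

apply_rules
```

Run it as-is to review the ruleset; run with DRY_RUN=0 as root on the FreeBSD box to load it. The check_order guard is there because the only difference between a working and a broken set here is rule numbering, which is easy to get wrong when rules are added interactively.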