Test this:

    ipfw add 190 allow ip from any to any layer2 mac-type arp
    $cmd add 192 skipto 201 MAC any xx:xx:xx:xx:xx:xx in via $pif layer2
    ..........
    $cmd add 200 deny MAC any any in recv $pif layer2

This is part of a sh script where $pif is a variable that represents your private interface (e.g. pif="fxp0"), and cmd="/sbin/ipfw -q".

Rule 190 allows ARP broadcast traffic. Without this rule, traffic will be blocked after a few minutes. Rules 192 to 199 (obviously you can use any numbers) contain the MACs that you want to allow. Rule 200 blocks all the rest of the traffic with the wrong MAC.

Be careful if you want to do traffic shaping, because with layer 2 activated, packets are filtered twice, at the IP level and at the MAC level.

My sincere recommendation is to use PPPoE. It is easy to implement with mpd4 and is secure.

_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
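
An added example, not part of the original post: a sh helper that builds the rule set described above from a list of allowed MAC addresses. It only prints the commands; the function names, the fxp0 interface and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints (does not execute) the ipfw commands for a MAC allowlist.
# ipfw only sees layer-2 frames when sysctl net.link.ether.ipfw=1 is set.
cmd="/sbin/ipfw -q"
pif="fxp0"             # private interface, as in the post
first=192; last=199    # rule numbers reserved for allowed MACs

# Succeeds only for six colon-separated two-digit hex octets.
valid_mac() {
    echo "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# emit_mac_rules MAC...
# Writes the full rule set to stdout. On a malformed address (status 1) or
# more addresses than rule numbers (status 2) nothing is written, so a
# partial allowlist is never loaded in front of the deny rule.
emit_mac_rules() {
    n=$first
    out="$cmd add 190 allow ip from any to any layer2 mac-type arp"
    for mac in "$@"; do
        if ! valid_mac "$mac"; then
            echo "invalid MAC: $mac" >&2; return 1
        fi
        if [ "$n" -gt "$last" ]; then
            echo "more MACs than rule numbers $first-$last" >&2; return 2
        fi
        mac=$(echo "$mac" | tr 'A-F' 'a-f')
        # ipfw's MAC option is "MAC dst src": any destination, this source.
        out="$out
$cmd add $n skipto 201 MAC any $mac in via $pif layer2"
        n=$((n + 1))
    done
    printf '%s\n' "$out" "$cmd add 200 deny MAC any any in recv $pif layer2"
}

# Constructed sample addresses, not real hosts.
emit_mac_rules 00:11:22:33:44:55 AA:BB:CC:DD:EE:FF
```

Pipe the output to sh on the firewall host only after reviewing it; real rules must also exist from 201 onward, since allowed frames skip to that number.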