Hi,

Nomad Esst wrote,
I want to filter packets based on their MAC address. After many hours of googling
I found out that such filtering is done via bridge. I just want to know, are
there any ways besides this??? I also found these patches which are too old and I
could not apply them on my FBSD 8.2 ....
Any suggestions? I'm so disappointed ...

Never made such a config on FreeBSD, but on OpenBSD:

A bridge (even with a single interface) is, as far as I know, mandatory to filter MAC based packets.


A "rulefile" : /etc/l2filter like this :

### WKS1 ########
pass in on trunk0 src 00:1d:72:b0:b3:94 tag wks1lan

### WKS2 ########
pass in on trunk0 src 00:1d:72:b0:b3:91 tag wks2lan

### WKS3 ########
pass in on trunk0 src 08:00:27:50:fe:f4 tag wks3lan

### WKS4 ########
pass in on trunk0 src 08:00:27:03:7f:9b tag wks4lan

### WKS5 ########
pass in on trunk0 src 08:00:27:45:d3:27 tag wks5lan

### WKS6 #########
pass in on trunk0 src 00:1f:16:f0:dc:55 tag wks6lan

...


Bringing the rulefile on the bridge :

ifconfig bridge0 rulefile /etc/l2filter


pf rule sample :

pass in quick on $int_if inet proto tcp from $lan_nets to ! <localnets_v4> port { www, https } tagged wks4lan tag fromlan keep state



If modifications are made in /etc/l2filter (and trunk0 and re2 bridged themselves) :

ifconfig bridge0 flushrule re2
ifconfig bridge0 flushrule trunk0
ifconfig bridge0 rulefile /etc/l2filter



to disable :

ifconfig bridge0 flushrule re2
ifconfig bridge0 flushrule trunk0
ifconfig bridge0 rule pass in on re2
ifconfig bridge0 rule pass in on trunk0



Remember it is an OpenBSD (native) configuration; I don't know if it applies to FreeBSD.


Regards.
Christophe.
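The rulefile above is hand-written, one block per workstation. The script below is an added example (not part of Christophe's message or of OpenBSD) that builds a rulefile of the same shape from a small host inventory and prints the flush/reload sequence from the message rather than executing it. The inventory (host names, the three MAC addresses taken from the rulefile above, and the tag names) is constructed sample data; the `gen_l2filter` and `reload_cmds` function names, the output path `/tmp/l2filter.example`, and the `bridge0`/`trunk0`/`re2` names are assumptions that mirror the message. The generator refuses a malformed MAC and a MAC listed twice, since a second entry for the same address with a different tag is ambiguous at best and would not be caught by `ifconfig bridge0 rulefile`.

```sh
#!/bin/sh
# Added example: generate an OpenBSD bridge(4) rulefile of the form
#   pass in on IFACE src MAC tag TAG
# from a host inventory, with MAC validation and duplicate detection.
# Names, MACs and tags below are constructed sample data.

# Constructed inventory: "<name> <mac> <pf-tag>" per line.
HOSTS='wks1 00:1d:72:b0:b3:94 wks1lan
wks2 00:1d:72:b0:b3:91 wks2lan
wks3 08:00:27:50:fe:f4 wks3lan'

# valid_mac MAC -> exit 0 if MAC is six colon-separated lowercase hex pairs.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# gen_l2filter IFACE   (reads "<name> <mac> <tag>" lines on stdin)
# Emits a "### NAME ###" comment and one pass/tag rule per host, as in the
# rulefile above. Exits 1 on a malformed or repeated MAC so that a bad
# inventory never reaches ifconfig.
gen_l2filter() {
    iface=$1
    seen=""
    while read -r name mac tag; do
        [ -z "$name" ] && continue
        if ! valid_mac "$mac"; then
            echo "bad MAC for $name: $mac" >&2
            return 1
        fi
        case " $seen " in
            *" $mac "*) echo "duplicate MAC $mac ($name)" >&2; return 1 ;;
        esac
        seen="$seen $mac"
        printf '### %s ###\npass in on %s src %s tag %s\n' \
            "$name" "$iface" "$mac" "$tag"
    done
}

# reload_cmds BRIDGE RULEFILE IFACE...
# Prints (does not run) the flushrule/rulefile sequence from the message
# for each bridge member, so it can be reviewed before use on the bridge host.
reload_cmds() {
    bridge=$1; rulefile=$2; shift 2
    for i in "$@"; do
        printf 'ifconfig %s flushrule %s\n' "$bridge" "$i"
    done
    printf 'ifconfig %s rulefile %s\n' "$bridge" "$rulefile"
}

# Usage: write the rulefile, then show the commands that would load it.
printf '%s\n' "$HOSTS" | gen_l2filter trunk0 > /tmp/l2filter.example && \
    reload_cmds bridge0 /tmp/l2filter.example trunk0 re2
```

Untagged frames (any MAC not in the inventory) carry no tag, so the pf rule in the message, which requires `tagged wks4lan`, simply does not match them; the bridge rulefile only attaches identity, pf still decides.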


_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"
