On 10/5/05, Foo Ji-Haw <[EMAIL PROTECTED]> wrote: > Hello all, > > I'd like your feedback on a problem I have with allowing access through the > ipfw firewall via mac addresses. > > Andrew has a good point on mac address spoofing. I agree with him on the > security concern, but for the situation that I am setting up, that's ok. But > I really need to open the firewall via mac address. > > Let me detail my setup: > dc0 is the interface to the Internet > vr0 is the interface to the managed network > > I tried to read up on ipfw rules on mac, and I got something like this: > allow ip from any to any MAC any 00:90:d1:00:80:00/33 > > It does not work of course, but ipfw accepted the command. Basically I need > the client with the mac address to be able to go pass the firewall in > totality. > > Can anyone enlighten me on the correct format? Thanks in advance.
Thanks for the credit :-) see "man ipfw", particularly the PACKET FLOW section Try this: allow ip from any to any layer2 out MAC any 00:90:d1:00:80:00/33 allow ip from any to any layer2 in MAC 00:90:d1:00:80:00/33 any allow ip from any to any layer2 via <trusted-if> deny ip from any to any layer2 _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"