On Tuesday 25 May 2004 17:57, Elijah A.Chancey wrote:
> I've searched high and low, and have read many times that doing mac
> address filtering with ipfw is possible.
>
> I'm running 4.9, have recompiled the kernel with 'options ipfw2', and
> have recompiled libalias & ipfw with ipfw2 support.
>
> I've read through the man pages, and I can't make this particular rule
> work.
>
> I need to block all IP packets EXCEPT for packets coming from specific
> MAC addresses.
>
> Can anyone give me an example of specifically how I should form this
> rule?
>
> Elijah Chancey
> NetlinkIP Sysadmin

Don't forget to set sysctl net.link.ether.ipfw=1.

[...]
# eth0: MAC of firewall NIC
# eth1: MAC of NIC to allow
# eth_broadcast: broadcast address
eth0="00:04:00:00:00:01"
eth1="00:04:00:00:00:02"
eth_broadcast="ff:ff:ff:ff:ff:ff"

${fwcmd} add pass MAC ${eth0} ${eth1}
${fwcmd} add pass MAC ${eth1} ${eth0}
${fwcmd} add pass MAC ${eth_broadcast} ${eth0}
${fwcmd} add pass MAC ${eth_broadcast} ${eth1}
[...]

regards
ch

--
Christian Hiris <[EMAIL PROTECTED]> | OpenPGP KeyID 0x941B6B0B
OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu
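
The rules from the reply above, generalised from one allowed NIC to an allow list with a closing layer-2 deny, as an added example that is not part of the original message. The interface name em0, the function names, the "via" restriction and the final deny rule are assumptions of this example; the script only prints the rules, it does not load them.

```shell
#!/bin/sh
# Added example: print (not install) ipfw2 layer-2 rules for a MAC allow list.
# "MAC <dst> <src>" is used as in the reply above; everything else here
# (interface name, function names, final deny) is an assumption of the example.
# Layer-2 rules are only evaluated when net.link.ether.ipfw=1.

fwcmd="${fwcmd:-/sbin/ipfw}"

# Succeed only for six colon-separated pairs of hex digits.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_mac_rules <iface> <firewall_mac> <allowed_mac>...
# Writes the rules to stdout. Returns 1 on a malformed address, before any
# rule is printed, so a typo cannot produce a partial rule set.
gen_mac_rules() {
    iface="$1"; fw="$2"; shift 2
    bcast="ff:ff:ff:ff:ff:ff"
    for m in "$fw" "$@"; do
        valid_mac "$m" || { echo "bad MAC: $m" >&2; return 1; }
    done
    for m in "$@"; do
        echo "${fwcmd} add pass MAC ${fw} ${m} via ${iface}"     # host -> firewall
        echo "${fwcmd} add pass MAC ${m} ${fw} via ${iface}"     # firewall -> host
        echo "${fwcmd} add pass MAC ${bcast} ${m} via ${iface}"  # host broadcasts
    done
    echo "${fwcmd} add pass MAC ${bcast} ${fw} via ${iface}"     # firewall broadcasts
    # Any other Ethernet frame on this interface is dropped at layer 2.
    echo "${fwcmd} add deny all from any to any layer2 via ${iface}"
}

# Constructed sample run, using the MAC addresses from the reply above.
gen_mac_rules em0 "00:04:00:00:00:01" "00:04:00:00:00:02"
```

Review the printed rules before loading them, and keep console access to the firewall while testing, since the deny rule applies to every frame on the named interface that no pass rule matched.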