IPFW2 Mac Address Filtering
I've searched high and low, and have read many times that doing mac address filtering with ipfw is possible. I'm running 4.9, have recompiled the kernel with 'options ipfw2', and have recompiled libalias ipfw with ipfw2 support. I've read through the man pages, and I can't make this particular rule work. I need to block all IP packets EXCEPT for packets coming from specific MAC addresses. Can anyone give me an example of specifically how I should form this rule? Elijah Chancey NetlinkIP Sysadmin ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPFW2 Mac Address Filtering
On Tuesday 25 May 2004 17:57, Elijah A.Chancey wrote: I've searched high and low, and have read many times that doing mac address filtering with ipfw is possible. I'm running 4.9, have recompiled the kernel with 'options ipfw2', and have recompiled libalias ipfw with ipfw2 support. I've read through the man pages, and I can't make this particular rule work. I need to block all IP packets EXCEPT for packets coming from specific MAC addresses. Can anyone give me an example of specifically how I should form this rule? Elijah Chancey NetlinkIP Sysadmin Don't forget to set sysctl net.link.ether.ipfw=1. [...] # eth0: MAC of firewall NIC # eth1: MAC of NIC to allow # eth_broadcast: broadcast address eth0=00:04:00:00:00:01 eth1=00:04:00:00:00:02 eth_broadcast=ff:ff:ff:ff:ff:ff ${fwcmd} add pass MAC ${eth0} ${eth1} ${fwcmd} add pass MAC ${eth1} ${eth0} ${fwcmd} add pass MAC ${eth_broadcast} ${eth0} ${fwcmd} add pass MAC ${eth_broadcast} ${eth1} [...] regards ch -- Christian Hiris [EMAIL PROTECTED] | OpenPGP KeyID 0x941B6B0B OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu pgpxi3Pdngqfq.pgp Description: signature