IPFW2 Mac Address Filtering

2004-05-25 Thread Elijah A. Chancey
I've searched high and low, and have read many times that doing mac 
address filtering with ipfw is possible.

I'm running 4.9, have recompiled the kernel with 'options ipfw2', and 
have recompiled libalias and ipfw with ipfw2 support.

I've read through the man pages, and I can't make this particular rule 
work.

I need to block all IP packets EXCEPT for packets coming from specific 
MAC addresses.

Can anyone give me an example of specifically how I should form this 
rule?

Elijah Chancey
NetlinkIP Sysadmin


Re: IPFW2 Mac Address Filtering

2004-05-25 Thread Christian Hiris
On Tuesday 25 May 2004 17:57, Elijah A.Chancey wrote:
> I've searched high and low, and have read many times that doing mac
> address filtering with ipfw is possible.
>
> I'm running 4.9, have recompiled the kernel with 'options ipfw2', and
> have recompiled libalias and ipfw with ipfw2 support.
>
> I've read through the man pages, and I can't make this particular rule
> work.
>
> I need to block all IP packets EXCEPT for packets coming from specific
> MAC addresses.
>
> Can anyone give me an example of specifically how I should form this
> rule?
>
> Elijah Chancey
> NetlinkIP Sysadmin


Don't forget to set sysctl net.link.ether.ipfw=1.

[...]

# eth0: MAC of firewall NIC
# eth1: MAC of NIC to allow
# eth_broadcast: broadcast address  

eth0=00:04:00:00:00:01
eth1=00:04:00:00:00:02
eth_broadcast=ff:ff:ff:ff:ff:ff

${fwcmd} add pass MAC ${eth0} ${eth1}  
${fwcmd} add pass MAC ${eth1} ${eth0}
${fwcmd} add pass MAC ${eth_broadcast} ${eth0}
${fwcmd} add pass MAC ${eth_broadcast} ${eth1}

[...]


regards
ch

-- 
Christian Hiris [EMAIL PROTECTED] | OpenPGP KeyID 0x941B6B0B 
OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu
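
The ruleset from the reply above, generalised to several allowed NICs and closed with the deny rule the original question asks for. This is an added example, not part of either post: the function names, rule numbers and the default for fwcmd are assumptions, and the script only prints the rules so they can be reviewed before loading.

```shell
#!/bin/sh
# Added example: prints ipfw2 MAC allowlist rules, it does not load them.
# fwcmd default, rule numbers and function names are assumptions.
fwcmd="${fwcmd:-/sbin/ipfw -q}"
eth_broadcast="ff:ff:ff:ff:ff:ff"

# Succeeds only for six colon-separated hex octets.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_mac_rules FIREWALL_MAC ALLOWED_MAC...
# ipfw2 syntax is "MAC dst-mac src-mac": destination first, then source.
gen_mac_rules() {
    fw="$1"; shift
    # Validate everything first so a typo never yields a partial ruleset.
    for m in "$fw" "$@"; do
        is_mac "$m" || { echo "invalid MAC: $m" >&2; return 1; }
    done
    n=1000
    # Broadcast frames sent by the firewall itself (e.g. ARP requests).
    echo "${fwcmd} add ${n} pass MAC ${eth_broadcast} ${fw}"
    for m in "$@"; do
        n=$((n + 10))   # allowed NIC -> firewall
        echo "${fwcmd} add ${n} pass MAC ${fw} ${m}"
        n=$((n + 10))   # firewall -> allowed NIC
        echo "${fwcmd} add ${n} pass MAC ${m} ${fw}"
        n=$((n + 10))   # broadcasts from the allowed NIC
        echo "${fwcmd} add ${n} pass MAC ${eth_broadcast} ${m}"
    done
    # With net.link.ether.ipfw=1 a packet is checked at the Ethernet layer
    # and again at the IP layer, where MAC patterns never match. "layer2"
    # keeps this deny from dropping every packet on that second check.
    echo "${fwcmd} add 60000 deny all from any to any layer2"
}
```

Packets that pass the Ethernet-layer check still go through the rest of the ruleset at the IP layer, so the usual IP rules are needed after these.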

