Silly IPFW question.
Hi all,

I am sorry if this is a no-brainer.

Is there any way to make a rule in IPFW that will match MAC addresses instead of IP or port numbers (and no, I didn't see anything in the docs :-))

-Grant
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Silly IPFW question.
Well... where is the MAC you want to firewall from/against?

On 9/24/07, Grant Peel [EMAIL PROTECTED] wrote:
> Hi all,
>
> I am sorry if this is a no-brainer.
>
> Is there any way to make a rule in IPFW that will match MAC addresses instead of IP or port numbers (and no, I didn't see anything in the docs :-))
>
> -Grant

Re: Silly IPFW question.
On Monday 24 September 2007 23:33:05 Grant Peel wrote:
> Is there any way to make a rule in IPFW that will match MAC addresses instead of IP or port numbers (and no, I didn't see anything in the docs :-))

Generally no, since IP FW works on IP level, not ethernet. That said, I just read about this:
http://www.openbsd.org/faq/pf/tagging.html#ethernet

I don't see a brconfig on FreeBSD though and don't know if there's something similar ported.

--
Mel

Re: Silly IPFW question.
On Sep 24, 2007, at 2:33 PM, Grant Peel wrote:
> Is there any way to make a rule in IPFW that will match MAC addresses instead of IP or port numbers (and no, I didn't see anything in the docs :-))

Search man ipfw for MAC. Something like this will:

    ipfw add 10 deny MAC any 10:20:30:40:50:60

...block any traffic from that ethernet address. Be aware of the net.link.ether.ipfw sysctl needed and advice in the section PACKET FLOW.

--
-Chuck

Re: Silly IPFW question.
Hi Jeff,

I have a client who wants access to mysql on port 3306, but none (4) of his computers have static IPs. So, to answer your question, he wants to access from several hops down the (internet) pipe.

And I just DID find some talking about MAC address filtering in the IPFW docs. However, if I remember Ethernet connections right, it would be the last MAC it came from ... and not the originating MAC.

Forgive me if I am wrong above, but I am not a 'level' 1, 2, or 3 guru! :-)

-Grant

----- Original Message -----
From: Jeff Mohler
To: Grant Peel
Cc: freebsd-questions@freebsd.org
Sent: Monday, September 24, 2007 5:34 PM
Subject: Re: Silly IPFW question.

> Well... where is the MAC you want to firewall from/against?
>
> On 9/24/07, Grant Peel [EMAIL PROTECTED] wrote:
>> Hi all,
>>
>> I am sorry if this is a no-brainer.
>>
>> Is there any way to make a rule in IPFW that will match MAC addresses instead of IP or port numbers (and no, I didn't see anything in the docs :-))
>>
>> -Grant

Re: Silly IPFW question.
On Mon, 24 Sep 2007 17:33:05 -0400 Grant Peel [EMAIL PROTECTED] wrote:
> Hi all,
>
> I am sorry if this is a no-brainer.
>
> Is there any way to make a rule in IPFW that will match MAC addresses instead of IP or port numbers (and no, I didn't see anything in the docs :-))

man ipfw and search for MAC

Note that you need to set a sysctl for layer 2 - which is also covered in the man page.

Re: Silly IPFW question.
On Monday 24 September 2007 23:44:07 Chuck Swiger wrote:
> On Sep 24, 2007, at 2:33 PM, Grant Peel wrote:
>> Is there any way to make a rule in IPFW that will match MAC addresses instead of IP or port numbers (and no, I didn't see anything in the docs :-))
>
> Search man ipfw for MAC. Something like this will:
>
>     ipfw add 10 deny MAC any 10:20:30:40:50:60
>
> ...block any traffic from that ethernet address. Be aware of the net.link.ether.ipfw sysctl needed and advice in the section PACKET FLOW.

Ok, been too long since I played with IPFW obviously.

--
Mel

Re: Silly IPFW question.
On Mon, 24 Sep 2007 17:47:31 -0400 Grant Peel [EMAIL PROTECTED] wrote:
> Hi Jeff,
>
> I have a client who wants access to mysql on port 3306, but none (4) of his computers have static IPs. So, to answer your question, he wants to access from several hops down the (internet) pipe.
>
> And I just DID find some talking about MAC address filtering in the IPFW docs. However, if I remember Ethernet connections right, it would be the last MAC it came from ... and not the originating MAC.

Yes, assuming the hops are routers.

He probably should be using an ssh tunnel.
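
The point confirmed in the last reply, as an added example that is not part of the original thread: each router writes a new Ethernet header, so a source-MAC rule on the server can only match hosts on its own segment. The helper names, router MACs and IP addresses are constructed for illustration; only 10:20:30:40:50:60 comes from the thread.

```python
import socket
import struct

ETH_HDR_LEN = 14  # dst MAC (6) + src MAC (6) + EtherType (2)

def mac_bytes(mac):
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError("bad MAC address: %r" % mac)
    return bytes(int(p, 16) for p in parts)

def ipv4_packet(src_ip, dst_ip):
    # Minimal 20-byte IPv4 header (protocol 6 = TCP); checksum left at 0 in this sketch.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       socket.inet_aton(src_ip), socket.inet_aton(dst_ip))

def ether_frame(dst_mac, src_mac, packet):
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800) + packet

def forward(frame, out_if_mac, next_hop_mac):
    # A router discards the received Ethernet header and writes a new one:
    # source = its own outgoing interface, destination = the next hop.
    return ether_frame(next_hop_mac, out_if_mac, frame[ETH_HDR_LEN:])

def src_mac(frame):
    return ":".join("%02x" % b for b in frame[6:12])

def src_ip(frame):
    return socket.inet_ntoa(frame[ETH_HDR_LEN + 12:ETH_HDR_LEN + 16])

def mac_rule_matches(frame, rule_src_mac):
    # Models the match in "MAC any <src>": any destination, this source.
    return frame[6:12] == mac_bytes(rule_src_mac)

# Constructed sample values: documentation IPs, locally administered MACs.
CLIENT_MAC = "10:20:30:40:50:60"   # the address used in the thread's rule
CLIENT_IP, SERVER_IP = "192.0.2.10", "198.51.100.5"
SERVER_MAC = "02:00:00:00:00:01"
HOPS = [("02:00:00:00:0a:01", "02:00:00:00:0b:02"),  # (router out-if MAC, next-hop MAC)
        ("02:00:00:00:0b:03", SERVER_MAC)]

def frame_at_server(routed):
    packet = ipv4_packet(CLIENT_IP, SERVER_IP)
    if not routed:  # client and server share one Ethernet segment
        return ether_frame(SERVER_MAC, CLIENT_MAC, packet)
    frame = ether_frame("02:00:00:00:0a:00", CLIENT_MAC, packet)  # to first router
    for out_if_mac, next_hop_mac in HOPS:
        frame = forward(frame, out_if_mac, next_hop_mac)
    return frame

if __name__ == "__main__":
    for routed in (False, True):
        f = frame_at_server(routed)
        print(routed, src_mac(f), src_ip(f), mac_rule_matches(f, CLIENT_MAC))
```

In the routed case the IP source address survives end to end while the source MAC is that of the last router, which is why the rule never sees the client's own address.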