On Mon, Aug 28, 2000 at 11:31:06PM -0400, Bill Fumerola wrote:
On Mon, Aug 28, 2000 at 07:02:03PM -0700, Jaye Mathisen wrote:
Just exactly what I said in the Subject. I want to filter on the ethernet
MAC address.
I guess the "ip" in "ipfw" just wasn't obvious enough that it is an IP
On Mon, 28 Aug 2000, Jaye Mathisen wrote:
I would love to be able to filter ipfw traffic based on more than just
IP.
Anybody done anything like this?
You may want to check out the Ethfw (Ethernet Firewall) patches for
FreeBSD at: http://spe.kakito.com/
---
Mike Wade ([EMAIL PROTECTED])
I would love to be able to filter ipfw traffic based on more than just
IP.
Anybody done anything like this?
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
What else do you want to filter by? did you read man ipfw? it should tell you all
about it. you can filter by uid, type of
packets, source, origin, etc..
-Simon
On Mon, 28 Aug 2000 18:03:58 -0700 (PDT), Jaye Mathisen wrote:
I would love to be able to filter ipfw traffic based on more than
Just exactly what I said in the Subject. I want to filter on the ethernet
MAC address.
My firewall works fine filtering on IP, now I want to make sure no new
nodes come up. I guess I could play some games with arp, but just
blocking MAC addresses would suffice.
On Mon, 28 Aug 2000, Simon
Also, be able to filter packets based on TTL and SYN Seq value
would be useful in some cases too -- quiet a few SYN flood programs had
those values hard coded and script kids don't change them.
On Mon, 28 Aug 2000, Jaye Mathisen wrote:
Just exactly what I said in the Subject. I want to
On Mon, Aug 28, 2000 at 06:03:58PM -0700, Jaye Mathisen wrote:
I would love to be able to filter ipfw traffic based on more than just
IP.
Anybody done anything like this?
How about turning off arp on the network interface, (ifconfig),
and using static arp?
--
Robert Sexton - [EMAIL
On Mon, Aug 28, 2000 at 07:02:03PM -0700, Jaye Mathisen wrote:
Just exactly what I said in the Subject. I want to filter on the ethernet
MAC address.
I guess the "ip" in "ipfw" just wasn't obvious enough that it is an IP firewall
tool. You're one layer too low.
--
Bill Fumerola - Network
I can appreciate the sarcasm... However, given today's generally IP-only
connected networks, ipfw does not seem to be a necessarily bad place to do
this kind of filtering...
I only mention it because dummynet could be useful bandwidth limiting to
MAC addresses as well.
And it never hurts to
On Mon, 28 Aug 2000, Jaye Mathisen wrote:
I would love to be able to filter ipfw traffic based on more than just
IP.
Anybody done anything like this?
The OpenBSD bridge filtering code can do this, allowing you to map MAC
addresses to specific interfaces, and prevent spoofing, among other
10 matches
Mail list logo
