Cc: [EMAIL PROTECTED]
Subject: Re: PF MAC Filter
Laurent Cheylus wrote:
> Shawn Mitchell <[EMAIL PROTECTED]> wrote :
>
>
>>Is it possable to specify a MAC Address filter?
>
>
> Yes, with transparent firewalling (bridge mode) : see FAQ 6.10
> http://www.openbsd
Laurent Cheylus wrote:
Shawn Mitchell <[EMAIL PROTECTED]> wrote :
Is it possable to specify a MAC Address filter?
Yes, with transparent firewalling (bridge mode) : see FAQ 6.10
http://www.openbsd.org/faq/faq6.html#Bridge
Do you block some nasty attacks with ARP : ARP spoofing with tools like
ables, to
OpenBSD and pf... I like it more...
thx for the info though!
-Shawn
-Original Message-
From: Daniel Hartmeier [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 26, 2003 6:21 PM
To: Shawn Mitchell
Cc: Stefan Sonnenberg-Carstens; [EMAIL PROTECTED]
Subject: Re: PF MAC Filter
On W
Shawn Mitchell <[EMAIL PROTECTED]> wrote :
> Is it possable to specify a MAC Address filter?
Yes, with transparent firewalling (bridge mode) : see FAQ 6.10
http://www.openbsd.org/faq/faq6.html#Bridge
Do you block some nasty attacks with ARP : ARP spoofing with tools like Hunt or
Arp-sk ?
Be car
On Wed, Feb 26, 2003 at 06:13:38PM -0600, Shawn Mitchell wrote:
> Just a little pre-filtering to stop the ignorant people, and the wanna-be
> hackers.
For MAC level filtering, you'll need a bridge. See brconfig(8) about how
to filter on MAC addresses. pf will still work on a bridge, and you can
d
ignorant people, and the wanna-be
hackers.
-Shawn
-Original Message-
From: Stefan Sonnenberg-Carstens [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 26, 2003 9:12 AM
To: Shawn Mitchell; [EMAIL PROTECTED]
Subject: Re: PF MAC Filter
No, it is not possible.
And you should remember that
On Wed, Feb 26, 2003 at 03:26:28AM -0600, Shawn Mitchell wrote:
>
> Is it possable to specify a MAC Address filter?
>
> And just to go ahead and cut off the trolls on MAC Filtering... I know you
> can change your MAC address. I don't care that you can. I'm wanting to
> place a few filters that
No, it is not possible.
And you should remember that a setup like that can cut you off by mistake;
everyone who had to deal with a Fw-1 and the f***ng arp-cache
should know ...
And another thing :
In Ethernet terms, you can only see MAC's on your ethernet segment (eg a
router,switch)
etc, so if you