Using tables for MAC addresses in ipfw2

Jon Simola jsimola at
Fri Dec 17 15:26:59 PST 2004

I do a lot of filtering based on MAC addresses for our DSL network,
and the table support in IPFW is close to what I'm looking for. I've
taken a quick glimpse through the code (I'm familiar with the ipfw
code pre-ipfw2) and I don't see any major hangups to implementing a
similar table support for MAC addresses.

What the situation is, is that we are a DSL reseller for the regional
telco. All of our customers have their connections bridged over the
ATM network and appear on a Fast Ethernet port on a Cisco 5505. That
is the only place we gain access (the ATM and Cisco are telco-owned).
I have my FreeBSD 5.2.1 router plugged into that port and working
fine, but at any time I have 50 or so rules specifically blocking MAC
addresses of customers who haven't paid or have viral activity.

Does adding MAC tables sound like a logical course of action? Can
anyone suggest a different idea, possibly better overall?

