IPFW Mac filter confusion.

Danny Carroll danny at dannysplace.net
Thu Aug 2 06:23:14 UTC 2007


Hello,

I am trying to deny traffic based on MAC address.
My freebsd (6.2) box is acting as a gateway.  The wireless clients
connect on ath0 and the wired network is connected on fxp0.  Default
route is via fxp0 to the internet gateway.


Arp table is:
freebsd# arp -a
? (10.0.249.254) at 00:12:6f:11:22:25 on ath0 [ethernet]
? (192.168.10.1) at 00:02:e2:d0:6b:a1 on fxp0 [ethernet]


192.168.10.1 is the gateway and 10.0.249.254 is the host I wish to prohibit.

Here are my rules.
freebsd# ipfw list
00050 deny ip from any to any MAC 00:12:6f:11:22:25 any
00050 deny ip from any to any MAC any 00:12:6f:11:22:25
65535 allow ip from any to any

If I add rules such as:
00050 deny ip from 10.0.249.254 to any
00050 deny ip from any to 10.0.249.254

Then the firewall works as I would expect.

I think I must be misunderstanding how the MAC option to ipfw works.
The man page is not terribly helpful so I was wondering if someone can
enlighten me.

-Danny
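An added audit helper, not part of Danny's post: ipfw only evaluates rules with a MAC match when it is handed layer-2 frames, which on FreeBSD requires the sysctl net.link.ether.ipfw=1 (ipfw(8) also documents the operand order as MAC dst-mac src-mac, so the two rules above do cover both directions). The script below takes the sysctl value and the ipfw list output as arguments and reports whether the MAC rules are inert; the embedded sample values are constructed to mirror the configuration in the post.

```shell
#!/bin/sh
# Audit ipfw MAC rules against net.link.ether.ipfw.
# Added example; sample inputs are constructed, not captured from the poster's box.

# Constructed stand-ins for `sysctl -n net.link.ether.ipfw` and `ipfw list`.
SAMPLE_SYSCTL="0"
SAMPLE_RULES='00050 deny ip from any to any MAC 00:12:6f:11:22:25 any
00050 deny ip from any to any MAC any 00:12:6f:11:22:25
65535 allow ip from any to any'

# mac_rule_count RULES -> number of rule lines carrying a MAC match.
mac_rule_count() {
    # `|| true` keeps a zero count from aborting a `set -e` shell.
    printf '%s\n' "$1" | grep -c ' MAC ' || true
}

# mac_rules_status SYSCTL_VALUE RULES -> one of: none, inert, ok
#   none  - no MAC rules present
#   inert - MAC rules present but layer-2 filtering is off, so they never match
#   ok    - MAC rules present and net.link.ether.ipfw=1
mac_rules_status() {
    n=$(mac_rule_count "$2")
    if [ "$n" -eq 0 ]; then
        echo none
    elif [ "$1" != "1" ]; then
        echo inert
    else
        echo ok
    fi
}

# report SYSCTL_VALUE RULES -> human-readable finding on stdout.
report() {
    case "$(mac_rules_status "$1" "$2")" in
        none)  echo "no MAC rules configured" ;;
        inert) echo "WARNING: $(mac_rule_count "$2") MAC rule(s) but net.link.ether.ipfw=$1;" \
                    "ipfw never sees layer-2 frames, so these rules cannot match" ;;
        ok)    echo "OK: MAC rules active (net.link.ether.ipfw=1)" ;;
    esac
}

# Against the constructed sample (live use on the gateway, as root:
#   report "$(sysctl -n net.link.ether.ipfw)" "$(ipfw list)" )
report "$SAMPLE_SYSCTL" "$SAMPLE_RULES"
```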

