ipfw with nat - allowing by MAC address

Fratiman Vladut vladone at spaingsm.com
Tue May 1 07:01:23 UTC 2007


Test this:
# allow ARP at layer 2; without it traffic stops after a few minutes
$cmd add 190 allow ip from any to any layer2 mac-type arp
# one skipto per allowed MAC (MAC dst src: any destination, this source MAC)
$cmd add 192 skipto 201 MAC any xx:xx:xx:xx:xx:xx in via $pif layer2
# ... rules 193-199: further skipto rules, one per allowed MAC ...
# everything else arriving on $pif at layer 2 is dropped
$cmd add 200 deny MAC any any in recv $pif layer2

This is part of a sh script where $pif is a variable that represents
your private interface (e.g. pif="fxp0"), and cmd="/sbin/ipfw -q".
Rule 190 allows ARP broadcast traffic. Without this rule traffic will be blocked
after a few minutes. Rules 192 to 199 (obviously you can use any
numbers) contain the MACs that you want to allow.
Rule 200 blocks all remaining traffic with a wrong MAC.
Be careful if you want to do traffic shaping, because with layer 2
filtering activated, packets are filtered twice, at the IP level and at the MAC level.
My sincere recommendation is to use PPPoE. It is easy to implement with
mpd4 and is secure.
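The same allow-list, generated from a list of MAC addresses, as an added example that is not part of the original post. It prints the ipfw commands rather than running them, so the ruleset can be reviewed first; the interface name, MAC addresses and rule numbers are placeholders, and the skipto target 201 is assumed to be where the rest of the IP-level ruleset begins.

```shell
#!/bin/sh
# Added example (not from the original post): build the layer-2 MAC
# allow-list for ipfw from a list of MAC addresses.
# Assumed values: interface name, MACs and rule numbers are placeholders;
# rule 201 is assumed to be the start of the normal IP-level rules.

# valid_mac MAC : six colon-separated hex octets, nothing else.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$'
}

# mac_rules PIF MAC... : print one ipfw command per line, without running it.
# Numbering follows the post: 190 ARP, 192-199 one skipto per allowed MAC
# (so at most 8 MACs here), 200 deny everything else on PIF at layer 2.
mac_rules() {
    pif=$1
    shift
    cmd="/sbin/ipfw -q"
    printf '%s add 190 allow ip from any to any layer2 mac-type arp\n' "$cmd"
    n=192
    for mac in "$@"; do
        if ! valid_mac "$mac"; then
            printf 'skipping invalid MAC: %s\n' "$mac" >&2
            continue
        fi
        if [ "$n" -gt 199 ]; then
            printf 'too many MACs: only rules 192-199 are available\n' >&2
            return 1
        fi
        # MAC dst src: any destination, frames whose source MAC is $mac
        printf '%s add %d skipto 201 MAC any %s in via %s layer2\n' \
            "$cmd" "$n" "$mac" "$pif"
        n=$((n + 1))
    done
    printf '%s add 200 deny MAC any any in recv %s layer2\n' "$cmd" "$pif"
}

# apply_rules PIF MAC... : actually load the rules (needs root, and
# net.link.ether.ipfw=1 so that ipfw sees layer-2 frames at all).
apply_rules() {
    mac_rules "$@" | while IFS= read -r line; do
        sh -c "$line"
    done
}

# Usage (dry run): mac_rules fxp0 00:11:22:33:44:55 aa:bb:cc:dd:ee:ff
```

Run `mac_rules` first and read the output; `apply_rules` only executes the same lines. The sysctl net.link.ether.ipfw must be 1 or none of the layer2 rules will ever match, and, as the post warns, every frame then passes the ruleset twice (once at layer 2, once at the IP level), which matters for pipe and queue rules.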