ipfw2 mac address matching weirdness?

Mike Wade mwade at bluehighway.net
Sat Aug 2 17:31:43 PDT 2003

I'm running FreeBSD 4.8 RELEASE w/ IPFW2 support enabled.  I'm running
into some weirdness with the MAC address matching feature, or perhaps it's
my lack of understanding of how it interacts with other rules. :)

My goal is to transparently redirect everything except a few select MAC
addresses but it doesn't appear to work properly.  For example:

net-ninja# ipfw list
00001 skipto 65535 ip from any to any MAC any any in via sis0
00002 fwd,8080 tcp from any to any dst-port 80 in via sis0
65535 allow ip from any to any

This should allow every MAC address to bypass the transparent redirect but
it doesn't.  If I change rule #1 to:

00001 skipto 65535 ip from any to any in via sis0

Things work as advertised.  Any ideas?

Mike Wade (mwade at bluehighway.net)
Blue Highway Labs, LLC.
