Mac filtering with ipfw2

Christian Hiris 4711 at chello.at
Tue Aug 31 12:42:26 PDT 2004


On Tuesday 31 August 2004 18:07, Steve Quezadas wrote:
> Hello,
>
> I have tried and tried and tried to get mac filtering to work with
> ipfw2. I have tried the usual sources (Google Groups, Google, mailing
> list, man pages, etc). Here it goes:
>
> I basically want to allow traffic to come from one mac address. I am
> trying to get the following rule to work:
>
> ipfw add accept tcp from any to any MAC any 10:20:30:40:50:60
>
> Yes, ipfw2 is on my FreeBSD system. This rule is basically: "allow
> traffic from mac address 10:20:30:40:50:60 to anywhere on the
> network".
>
> What am I doing wrong?

Did you set the sysctl net.link.ether.ipfw=1? You can do this 
in /etc/sysctl.conf or via the sysctl command.

If you want to establish any kind of useful communication, you need to allow 
incoming and outgoing traffic for the specified MAC. 

# ipfw add pass MAC any 10:20:30:40:50:60
# ipfw add pass MAC 10:20:30:40:50:60 any
   
To use ARP requests (which are addressed to ff:ff:ff:ff:ff:ff) you need to 
allow them a way out, too.  

# ipfw add pass MAC ff:ff:ff:ff:ff:ff any

Cheers,
ch 

-- 
Christian Hiris <4711 at chello.at> | OpenPGP KeyID 0x941B6B0B 
OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu
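
The steps from the reply above, collected into one script as an added example (not part of the original message): it validates the station address, refuses group addresses, and prints the sysctl and rule commands for review. The rule numbers, the `layer2` keyword and the function names are choices made for this example.

```shell
#!/bin/sh
# Added example: print the layer-2 ipfw setup for one permitted station.
# Rule numbers 1000-1020 are arbitrary assumptions; adjust to your ruleset.

# Succeeds if $1 is six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Succeeds if $1 is a group (multicast/broadcast) address: the low bit of
# the first octet is set, i.e. its second hex digit is odd.
is_group_mac() {
    case $1 in
        ?[13579bBdDfF]:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the commands for station $1; returns 1 without output on bad input.
mac_rules() {
    mac=$1
    valid_mac "$mac" || { echo "not a MAC address: $mac" >&2; return 1; }
    if is_group_mac "$mac"; then
        echo "not a unicast station address: $mac" >&2
        return 1
    fi
    # ipfw's MAC option is "MAC dst-mac src-mac": destination first.
    # "layer2" restricts each rule to the Ethernet-level pass that
    # net.link.ether.ipfw=1 enables; the same packets are checked again at
    # the IP layer, where the MAC header is gone and other rules decide.
    cat <<EOF
sysctl net.link.ether.ipfw=1
ipfw add 1000 pass layer2 MAC any $mac
ipfw add 1010 pass layer2 MAC $mac any
ipfw add 1020 pass layer2 MAC ff:ff:ff:ff:ff:ff any
EOF
}

# Usage: sh script.sh 10:20:30:40:50:60   (review, then run as root)
if [ $# -gt 0 ]; then mac_rules "$1"; fi
```

To keep the sysctl across reboots, put `net.link.ether.ipfw=1` in /etc/sysctl.conf as the reply suggests.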

More information about the freebsd-questions mailing list