IPFW2 Mac Address Filtering

Christian Hiris 4711 at chello.at
Tue May 25 11:19:46 PDT 2004


On Tuesday 25 May 2004 17:57, Elijah A.Chancey wrote:
> I've searched high and low, and have read many times that doing mac
> address filtering with ipfw is possible.
>
> I'm running 4.9, have recompiled the kernel with 'options ipfw2', and
> have recompiled libalias & ipfw with ipfw2 support.
>
> I've read through the man pages, and I can't make this particular rule
> work.
>
> I need to block all IP packets EXCEPT for packets coming from specific
> MAC addresses.
>
> Can anyone give me an example of specifically how I should form this
> rule?
>
> Elijah Chancey
> NetlinkIP Sysadmin
>

Don't forget to set sysctl net.link.ether.ipfw=1.

[...]

# eth0: MAC of firewall NIC
# eth1: MAC of NIC to allow
# eth_broadcast: broadcast address  

eth0="00:04:00:00:00:01"
eth1="00:04:00:00:00:02"
eth_broadcast="ff:ff:ff:ff:ff:ff"

${fwcmd} add pass MAC ${eth0} ${eth1}  
${fwcmd} add pass MAC ${eth1} ${eth0}
${fwcmd} add pass MAC ${eth_broadcast} ${eth0}
${fwcmd} add pass MAC ${eth_broadcast} ${eth1}

[...]


regards
ch

-- 
Christian Hiris <4711 at chello.at> | OpenPGP KeyID 0x941B6B0B 
OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu
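
The reply above, generalized to any number of allowed NICs, as an added example that is not part of the original post. The helper names `is_mac` and `gen_mac_rules`, the sample addresses and the closing `deny ... layer2` rule are assumptions; the script only prints the commands, so they can be reviewed before being run.

```sh
#!/bin/sh
# Added example: print an ipfw2 layer-2 allowlist in the same
# "MAC <dst> <src>" shape as the rules in the post.
# Nothing is executed; review the output, then pipe it to sh as root.

BCAST="ff:ff:ff:ff:ff:ff"

# is_mac ADDR: succeed only for six colon-separated hex octets.
is_mac() {
    printf '%s\n' "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# gen_mac_rules FW_MAC ALLOWED_MAC...
# Prints the commands; returns 1 without printing any rule if an
# address is malformed, so a typo cannot yield a partial ruleset.
gen_mac_rules() {
    [ "$#" -ge 2 ] || { echo "usage: gen_mac_rules fw_mac mac..." >&2; return 1; }
    for m in "$@"; do
        is_mac "$m" || { echo "bad MAC: $m" >&2; return 1; }
    done
    fw=$1; shift
    echo "sysctl net.link.ether.ipfw=1"
    echo "ipfw add pass MAC $BCAST $fw"      # broadcasts from the firewall
    for m in "$@"; do
        echo "ipfw add pass MAC $fw $m"      # to firewall, from client
        echo "ipfw add pass MAC $m $fw"      # to client, from firewall
        echo "ipfw add pass MAC $BCAST $m"   # client broadcasts (e.g. ARP)
    done
    # Assumption (not in the post): drop every other Ethernet frame.
    echo "ipfw add deny all from any to any layer2"
}

# Constructed sample addresses, same style as the post's placeholders.
gen_mac_rules 00:04:00:00:00:01 00:04:00:00:00:02 00:04:00:00:00:03
```

The `layer2` keyword limits the final deny to the Ethernet-level pass through ipfw; the rest of the ruleset, elided as `[...]` in the post, still decides what happens at the IP layer. A source MAC is chosen by the sender, so the list restricts which hosts are accepted by default but does not authenticate them.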