i can't block win98 computers
Greg Barniskis
nalists at scls.lib.wi.us
Mon Aug 15 22:43:02 GMT 2005
Roland Smith wrote:
> On Mon, Aug 15, 2005 at 11:28:10PM +0300, vladone wrote:
>
>>Hi!
>>I am trying to block some computers from accessing my gateway based on MAC
>>address.
>>I use this ipfw rule:
>> ipfw add 100 deny mac any xx:yy:aa:bb:cc:dd in via $private_interface
>>With this I can block XP computers, but it does not work with Win98. I don't
>>understand what is happening!
>
>
> As the ipfw manpage states, you can filter on layer-2 header fields (of
> which the MAC address is one) _where available_.
>
> It could be that Win98 doesn't correctly list the MAC address in the
> packets. You could try using tcpdump to check the packets.
>
> Roland

I think you could correct this problem by reversing the rule
construction. Instead of denying all the bad MACs, create rules that
permit all the good MACs and that deny all other traffic. All
packets with unidentified MACs would then get dropped. Of course,
this won't work if you have some Win98 boxes that you'd like to
pass, and some that you'd like to drop.

Otherwise, maybe you could fix the problem by installing FreeBSD on
all the Win98 machines. 8)

--
Greg Barniskis, Computer Systems Integrator
South Central Library System (SCLS)
Library Interchange Network (LINK)
<gregb at scls.lib.wi.us>, (608) 266-6348
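
Added example (not part of the original message or of the ipfw project): a small sh script that generates the allow-list form of the ruleset described in the reply above, using the same `mac any <src> in via <interface>` rule shape as the rule in the quoted question. The interface name, the MAC addresses, the rule numbering and the function names `is_mac` and `gen_rules` are assumptions made for illustration.

```shell
#!/bin/sh
# Build an allow-list ipfw ruleset from a list of known-good MACs.
# The commands are printed, not executed, so they can be reviewed first.
# Assumption (not stated in the thread): layer-2 filtering is enabled
# (sysctl net.link.ether.ipfw=1); otherwise "mac" rules never match.

# Constructed sample values, not taken from the thread.
PRIVATE_IF="em1"
ALLOWED_MACS="00:11:22:33:44:55 00:11:22:33:44:66"

# Return 0 if $1 is six colon-separated hex octets.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_rules IFACE FIRST_RULE_NUMBER MAC...
# Emits one "allow" per listed source MAC, then a final "deny" that
# drops frames from every other source MAC on that interface.
gen_rules() {
    iface=$1; num=$2; shift 2
    # Validate everything first so a typo never yields a partial ruleset.
    for mac in "$@"; do
        if ! is_mac "$mac"; then
            echo "gen_rules: not a MAC address: $mac" >&2
            return 1
        fi
    done
    for mac in "$@"; do
        echo "ipfw add $num allow mac any $mac in via $iface"
        num=$((num + 10))
    done
    # Catch-all: anything not explicitly allowed above is dropped.
    echo "ipfw add $num deny mac any any in via $iface"
}

# ALLOWED_MACS is intentionally unquoted so it splits into one MAC per word.
gen_rules "$PRIVATE_IF" 100 $ALLOWED_MACS
```

The catch-all rule must carry a higher number than every allow rule, because ipfw evaluates rules in numeric order and stops at the first match.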
More information about the freebsd-questions mailing list