ipfw: ALLOWing by mac address

Foo Ji-Haw jhfoo at nexlabs.com
Wed Oct 5 01:58:22 PDT 2005


Hello all,

I'd like your feedback on a problem I have with allowing access through the ipfw firewall via mac addresses.

Andrew has a good point on mac address spoofing. I agree with him on the security concern, but for the situation that I am setting up, that's ok. But I really need to open the firewall via mac address.

Let me detail my setup:
dc0 is the interface to the Internet
vr0 is the interface to the managed network

I tried to read up on ipfw rules on mac, and I got something like this:
allow ip from any to any MAC any 00:90:d1:00:80:00/33

It does not work of course, but ipfw accepted the command. Basically I need the client with the mac address to be able to go past the firewall in totality.

Can anyone enlighten me on the correct format? Thanks in advance.

