how to filter network by MAC and IP at the same time

Lowell Gilbert freebsd-questions-local at be-well.ilk.org
Fri Jun 8 20:31:04 UTC 2012


Bill Yuan <bycn82 at gmail.com> writes:

> I am using FreeBSD 9.0 as a firewall and I want to filter the traffic by
> the MAC and the IP at the same time,
>
> for example, I only allow my laptop <MAC Address 1> can go through the
> firewall when it's using IP <IP Address 1>
>
> for how to config the firewall rules?
>
>
> I tried to configure the firewall by the rule below, but it doesn't work
>
>  ipfw add  1 allow all from <IP Address 1> to any MAC <MAC Address 1> any
>  ipfw add  1 allow all from any to <IP Address 1>  MAC any <MAC Address 1>

Well, for one thing if I understand your intent, you have the MAC
addresses in the wrong order. Unless your firewall is acting as a
bridge, you also need to keep in mind that the MAC addresses are changed
when passing through, so those rules will only work on one side (i.e.,
you'll need "in via" type rules).

> but it doesn't work. also found the explanation on google, someone already
> asked this question before.

I don't understand. Was there a suggested approach or not?

> but I did not find the solution for this requirement.  can someone tell me
> how ? thanks in advance.

I can't guarantee this will work, and I don't have any way to test it,
but my above comments would suggest something more like:

>  ipfw add  1 allow all from <IP Address 1> to any MAC any <MAC Address 1> in via $iif

>  ipfw add  1 allow all from any to <IP Address 1>  MAC <MAC Address 1> any out via $oif

Good luck.
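
The corrections from the reply above, as an added example that is not part of the original message: a small sh helper that validates the address pair and prints the two rules with the MAC arguments in ipfw's "MAC dst-mac src-mac" order. It assumes the laptop sits directly on the segment behind one LAN-facing interface (em1 here is hypothetical, as are the sample addresses) and that layer-2 filtering is enabled with sysctl net.link.ether.ipfw=1, since ipfw only sees MAC headers on layer-2 packets.

```sh
#!/bin/sh
# Added example: build ipfw rules that tie one IPv4 address to one MAC.
# The commands are printed, not executed, so they can be reviewed first.

# Six colon-separated hex pairs, the form ipfw expects for a MAC.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Dotted quad with every octet <= 255 (runs in a subshell so IFS is untouched).
valid_ipv4() (
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || exit 1
    IFS=.
    for octet in $1; do
        [ "$octet" -le 255 ] || exit 1
    done
)

# usage: mac_ip_rules RULE_NUM IP MAC LAN_IF
# LAN_IF is the interface facing the laptop (assumption: same L2 segment).
mac_ip_rules() {
    num=$1 ip=$2 mac=$3 lan_if=$4
    valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
    valid_mac "$mac" || { echo "bad MAC address: $mac" >&2; return 1; }
    # ipfw syntax is "MAC dst-mac src-mac": destination first, source second.
    # From the laptop: its MAC is the source, seen arriving on the LAN side.
    echo "ipfw add $num allow all from $ip to any MAC any $mac in via $lan_if"
    # To the laptop: its MAC is the destination, seen leaving on the LAN side.
    echo "ipfw add $num allow all from any to $ip MAC $mac any out via $lan_if"
}

# Constructed sample values: RFC 5737 address, made-up MAC, assumed interface.
mac_ip_rules 1 192.0.2.10 00:11:22:33:44:55 em1
```

Both rules name the same interface because the laptop's MAC is only visible on its own segment; on the far side of a routing firewall the frame carries the firewall's MAC instead.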