Allowing access to IP/MAC pairs only

Eugene Grosbein eugen at kuzbass.ru
Thu Jan 31 07:58:08 PST 2008


On Thu, Jan 31, 2008 at 10:30:53AM -0800, Szemer?dy G?bor wrote:

> We have FreeBSD 6.2 machines with local subnets on the servers and would
> like to allow access to the internet only for workstations with exact 
> IP/MAC pairs and deny access for not predefined pairs.
> Is there a solution in firewall settings?

You do not need any firewall for that.
Just use "ifconfig em0 staticarp" to disable ARP table updates
for interface em0 (replace em0 with your interface name)
and load the IP/MAC pairs into the ARP table with the "arp -f arps_em0" command,
where the file named "arps_em0" contains those pairs:

10.10.10.10 00:11:22:33:44:55
10.10.10.11 00:11:22:33:44:56
10.10.10.12 00:11:22:33:44:57
 
Eugene Grosbein
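
Added example, not part of the original message: with ARP updates disabled, a mistyped entry in the pairs file stays in effect until the file is corrected, so this sketch lints the file before running the two commands from the reply. The function names check_arp_pairs and load_static_arp are hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example; check_arp_pairs and load_static_arp are hypothetical names.

# Print one line per problem in an "IP MAC" pairs file; return 0 only if clean.
check_arp_pairs() {
    awk '
    function bad(msg) { printf "line %d: %s\n", NR, msg; errors++ }
    NF == 0 { next }                                  # skip blank lines
    NF < 2  { bad("expected: IP MAC"); next }
    {
        ip = $1; mac = tolower($2)
        # IPv4: exactly four decimal octets, each 0..255
        ok = (split(ip, o, ".") == 4)
        for (i = 1; ok && i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
        if (!ok) bad("invalid IPv4 address " ip)
        # MAC: exactly six colon-separated groups of one or two hex digits
        if (mac !~ /^[0-9a-f][0-9a-f]?(:[0-9a-f][0-9a-f]?)+$/ || split(mac, m, ":") != 6)
            bad("invalid MAC address " $2)
        # The same IP listed twice means two conflicting pairs
        if (ip in seen_ip) bad("IP " ip " repeats line " seen_ip[ip])
        seen_ip[ip] = NR
    }
    END { exit (errors > 0) }
    ' "$1"
}

# Load the pairs first, then freeze the table; a rejected file changes nothing.
load_static_arp() {   # usage: load_static_arp em0 arps_em0   (needs root)
    check_arp_pairs "$2" || return 1
    arp -f "$2" && ifconfig "$1" staticarp
}

# Constructed sample: line 2 has a bad octet, line 3 reuses the IP from line 1.
sample=$(mktemp)
printf '%s\n' '10.10.10.10 00:11:22:33:44:55' \
              '10.10.10.300 00:11:22:33:44:56' \
              '10.10.10.10 00:11:22:33:44:57' > "$sample"
check_arp_pairs "$sample" || echo "file rejected, nothing loaded"
rm -f "$sample"
```
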


More information about the freebsd-stable mailing list