simple mac address filter
Robert Klein
RoKlein at roklein.de
Tue Sep 7 14:12:49 PDT 2004
On Dienstag, 7. September 2004 23:02, Skip Ford wrote:
> brisbanebsd at mac.com wrote:
> > I need to set up MAC filtering on a 5.2.1 Freebsd box.
>
> Have you enabled it by setting net.link.ether.ipfw to 1?
>
> > ipfw add allow ip from any to any mac any 00:0d:93:81:82:1e
>
> Your rule works fine here.
>
> # ipfw add 10 allow ip from any to any mac 00:50:bf:d3:5a:2f
> any 00010 allow ip from any to any MAC 00:50:bf:d3:5a:2f any #
> ipfw show 10
> 00010 0 0 allow ip from any to any MAC
> 00:50:bf:d3:5a:2f any # sysctl net.link.ether.ipfw=1
> net.link.ether.ipfw: 0 -> 1
> # ipfw show 10
> 00010 351 514213 allow ip from any to any MAC
> 00:50:bf:d3:5a:2f any
umm... if I think this should not work.. except you have
options IPFIREWALL_DEFAULT_TO_ACCEPT
in your kernel config file. Could you please check and tell us?
Regards,
Robert
More information about the freebsd-ipfw
mailing list