simple mac address filter
Skip Ford
skip.ford at verizon.net
Tue Sep 7 14:46:08 PDT 2004
Robert Klein wrote:
> On Dienstag, 7. September 2004 23:02, Skip Ford wrote:
> > brisbanebsd at mac.com wrote:
> > > I need to set up MAC filtering on a 5.2.1 Freebsd box.
> >
> > Have you enabled it by setting net.link.ether.ipfw to 1?
> >
> > > ipfw add allow ip from any to any mac any 00:0d:93:81:82:1e
> >
> > Your rule works fine here.
> >
> > # ipfw add 10 allow ip from any to any mac 00:50:bf:d3:5a:2f
> > any 00010 allow ip from any to any MAC 00:50:bf:d3:5a:2f any #
> > ipfw show 10
> > 00010 0 0 allow ip from any to any MAC
> > 00:50:bf:d3:5a:2f any # sysctl net.link.ether.ipfw=1
> > net.link.ether.ipfw: 0 -> 1
> > # ipfw show 10
> > 00010 351 514213 allow ip from any to any MAC
> > 00:50:bf:d3:5a:2f any
>
> umm... if I think this should not work.. except you have
> options IPFIREWALL_DEFAULT_TO_ACCEPT
> in your kernel config file. Could you please check and tell us?
No, it denies but I have other layer 3 rules that allow it. It
didn't occur to me the OP was trying to hit both layers with a single
rule.
--
Skip
More information about the freebsd-ipfw
mailing list