Limit Ethernet Broadcast
Jon Otterholm
jon.otterholm at ide.resurscentrum.se
Tue May 29 08:33:41 UTC 2007
Hi.
I am trying to limit traffic to the Ethernet broadcast address
(ff:ff:ff:ff:ff:ff). I am running IPFW on an if_bridge(4) and don't want
clients from member ifs to be able to send Ethernet broadcasts to each
other. The router itself, though, should be able to send traffic to the
Ethernet broadcast address, and clients should be able to send traffic to
the router destined for the Ethernet broadcast address. According to the
man pages I cannot use the "me" statement, as this only applies to
IP addresses configured on the local system; my ifs don't have
IP addresses configured. Only the bridge itself has an IP address.
Config:
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet X.X.X.X netmask 0xffffff80 broadcast X.X.X.X
ether 00:00:00:00:00:00
priority 32768 hellotime 2 fwddelay 15 maxage 20
member: em0.10 flags=1<LEARNING>
member: em0.20 flags=1<LEARNING>
Summary (no valid IPFW-config, just to illustrate):
allow from router to ff:ff:ff:ff:ff:ff
allow from em0.* to router MAC ff:ff:ff:ff:ff:ff any
deny from em0.* to em0.* MAC ff:ff:ff:ff:ff:ff any
Is this doable?
//Jon
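One way to write the policy sketched above as ipfw layer2 rules, added here as an illustration and not part of the original post or of any reply: it denies broadcast frames the bridge would forward between members and leaves client-to-router and router-originated broadcasts alone. It assumes net.link.ether.ipfw and net.link.bridge.ipfw are enabled and that a forwarded frame is seen by ipfw as "out" with both its recv and xmit interfaces set; confirm that on your FreeBSD version with a logging rule before relying on it.

```shell
#!/bin/sh
# Added example (not from the original post): one way to express the
# policy described above as ipfw layer2 rules on an if_bridge(4) host.
# Assumptions (verify on your system; interface names follow the post):
#  - net.link.ether.ipfw=1 makes ipfw see frames entering/leaving member ifs,
#    and net.link.bridge.ipfw=1 makes it see frames the bridge forwards;
#  - a frame a client sends is seen "in recv <member>" when delivered to
#    the router, and "out recv <src member> xmit <dst member>" when the
#    bridge forwards it to another member;
#  - a frame the router itself originates is seen "out xmit <member>"
#    with no recv interface, so it never matches the recv+xmit deny rules.
MEMBERS="em0.10 em0.20"
BCAST="ff:ff:ff:ff:ff:ff"

# Emit the rule set (in /etc/ipfw.rules style) so it can be reviewed first.
ipfw_rules() {
    n=100
    # Deny broadcast frames the bridge would forward from one member to another.
    for src in $MEMBERS; do
        for dst in $MEMBERS; do
            [ "$src" = "$dst" ] && continue
            echo "add $n deny layer2 MAC $BCAST any out recv $src xmit $dst"
            n=$((n + 10))
        done
    done
    # Broadcasts from clients to the router (local delivery) stay allowed...
    for m in $MEMBERS; do
        echo "add $n allow layer2 MAC $BCAST any in recv $m"
        n=$((n + 10))
    done
    # ...as do broadcasts the router itself sends out a member interface.
    echo "add $n allow layer2 MAC $BCAST any out"
}

# Number of deny rules: one per ordered pair of distinct members.
count_deny() { ipfw_rules | grep -c '^add [0-9]* deny'; }

apply_rules() {
    sysctl net.link.ether.ipfw=1 net.link.bridge.ipfw=1
    ipfw_rules | while read -r rule; do
        # Word splitting of $rule is intended: each word is an ipfw argument.
        ipfw $rule
    done
}

# Apply only as root on a host that has ipfw; otherwise just print the rules.
if [ "$(id -u)" = 0 ] && command -v ipfw >/dev/null 2>&1; then
    apply_rules
else
    ipfw_rules
fi
```

These rules only cover the broadcast address; merge them into the existing ruleset ahead of whatever default allow or deny it ends with.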