MAC locking and filtering in FreeBSD
Andrew Thompson
thompsa at FreeBSD.org
Wed May 13 19:25:59 UTC 2009
On Wed, May 13, 2009 at 10:48:02AM -0600, Brett Glass wrote:
> I need to find a way to do "MAC address locking" in FreeBSD -- that is, to
> ensure that only a machine with a particular MAC address can use a
> particular IP address. Unfortunately, it appears that rules in FreeBSD's
> IPFW are "stuck" on one layer: rules that look at Layer 2 information in a
> packet can't look at Layer 3, and vice versa. Is there a way to work around
> this to do MAC address locking and/or other functions that involve looking
> at Layer 2 and Layer 3 simultaneously?
This has been implemented as part of Gleb Kurtsov's 2008 SoC project.
http://wiki.freebsd.org/GlebKurtsov/Improving_layer2_filtering
It has not been committed yet but I beleieve is ready to go in, you can
find the code on the svn branch
http://svn.freebsd.org/viewvc/base/projects/l2filter/
Andrew
More information about the freebsd-net
mailing list