ipfw and MAC Addresses

Fri Jul 11 13:26:37 PDT 2003

On Fri, Jul 11, 2003 at 04:15:09PM -0400, Dan Mahoney, System Admin wrote:

> I'm running 4.7-Release, and I have compiled the firewall into the kernel
> but I can't seem to figure out the syntax for mac address based firewalls
> .
> 
> I'm trying:
> 
> box#ipfw add 50000 allow ip from any to any in mac any any
> ipfw: unknown argument ``mac''
> 
> If there's some secret to getting this to work, let me know, as right now
> I would really like a way to restrict ip traffic by source mac.

MAC is an IPFW2 extension.  All FreeBSD 4.x versions compile IPFW1 by
default, although from 4.7-RELEASE on, you can optionally select to
use IPFW2.  IPFW2 is the default in FreeBSD 5.x.

You need to add:

    IPFW2=true

to your /etc/make.conf, and

    options IPFW2

to your kernel config, and rebuild, reinstall world+kernel in the
usual fashion.

	Cheers,

	Matthew	

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20030711/736a2050/attachment.bin