Bridging Firewall
Andrea Venturoli
ml.ventu at flashnet.it
Mon Apr 26 02:22:32 PDT 2004
** Reply to note from "Mike Maltese" <mike at pcmedx.com> Fri, 23 Apr 2004 15:06:12 -0700
> > I find no reference to MAC rules showing up in 5.2.1. Any help or advice
> > would be appreciated.
>
> That's because bridge(4) doesn't do Layer 2 filtering. Neither does ipfw (as
> well it shouldn't).
???
System is a 4.9:
#ipfw l
00020 deny ip from any to any layer2 { mac-type 0x809b or mac-type 0x80f3 or mac-type 0x0023 or mac-type 0x0027 or mac-type 0x001d or mac-type 0x0031 or mac-type 0x0067 }
00025 deny ip from any to any layer2 { mac-type 0x012a or mac-type 0x0075 or mac-type 0x0004 or mac-type 0x00a6 or mac-type 0x0003 }
00025 deny ip from any to any layer2 { mac-type 0x002f or mac-type 0x0012 or mac-type 0x0097 or mac-type 0x0071 or mac-type 0x00ce or mac-type 0x00a2 or mac-type 0x0088 }
00030 deny ip from any to any layer2 { mac-type 0x002a or mac-type 0x0025 or mac-type 0x0064 }
00030 deny ip from any to any layer2 { mac-type 0x0063 or mac-type 0x0060 or mac-type 0x0068 or mac-type 0x0054 }
00030 deny ip from any to any layer2 { mac-type 0x8137 or mac-type 0x00e0 or mac-type 0x0000 or mac-type 0x8037 or mac-type 0x8038 or mac-type 0x0022 }
..
Isn't this what you are talking about?
bye
av.