IPFW with MAC address configuration
Bas Smeelen
b.smeelen at ose.nl
Fri Jul 30 11:58:33 UTC 2010
On 07/30/2010 01:18 PM, Carmel wrote:
> I am trying to set up a rule using IPFW that utilizes a MAC address
> rather than an IP one.
>
> ipfw -q allow log tcp from MAC 00-14-A4-43-8E-BA to me 137 in via nfe0 setup keep-state
>
> Would that work, assuming the machine I want to allow access has that
> MAC address?
>
>
According to the manual (man ipfw) I guess the rule would be something like:
ipfw add 1000 allow log tcp MAC any 00:14:A4:43:8E:BA/33 to me 137 in via nfe0 setup keep-state
From the manual:
    { MAC | mac } dst-mac src-mac
        Match packets with a given dst-mac and src-mac addresses, specified
        as the any keyword (matching any MAC address), or six groups of hex
        digits separated by colons, and optionally followed by a mask
        indicating the significant bits. The mask may be specified using
        either of the following methods:

        1. A slash (/) followed by the number of significant bits. For
           example, an address with 33 significant bits could be
           specified as:

               MAC 10:20:30:40:50:60/33 any

        2. An ampersand (&) followed by a bitmask specified as six groups
           of hex digits separated by colons. For example, an address in
           which the last 16 bits are significant could be specified as:

               MAC 10:20:30:40:50:60&00:00:00:00:ff:ff any

           Note that the ampersand character has a special meaning in
           many shells and should generally be escaped.

        Note that the order of MAC addresses (destination first, source
        second) is the same as on the wire, but the opposite of the one
        used for IP addresses.
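
The mask forms quoted from the manual above, worked through in Python as an added example (not part of the original message and not ipfw's own code; all function names are hypothetical). It parses one MAC operand and reports which addresses it matches, which makes visible that a /33 operand covers 2^15 addresses rather than a single host.

```python
import re

_HEX6 = re.compile(r"^[0-9a-fA-F]{1,2}(:[0-9a-fA-F]{1,2}){5}$")
FULL = (1 << 48) - 1                     # all 48 bits significant

def _mac_to_int(text):
    """Convert six colon-separated hex groups to a 48-bit integer."""
    if not _HEX6.match(text):
        raise ValueError(f"not six colon-separated hex groups: {text!r}")
    value = 0
    for group in text.split(":"):
        value = (value << 8) | int(group, 16)
    return value

def parse_mac_spec(spec):
    """Return (address, mask) as 48-bit ints for one MAC operand."""
    if spec == "any":
        return 0, 0                      # mask 0: every address matches
    if "/" in spec:                      # form 1: number of significant bits
        addr, bits = spec.split("/", 1)
        bits = int(bits)
        if not 0 <= bits <= 48:
            raise ValueError("significant bits must be 0..48")
        mask = (FULL << (48 - bits)) & FULL
    elif "&" in spec:                    # form 2: explicit bitmask
        addr, mask_text = spec.split("&", 1)
        mask = _mac_to_int(mask_text)
    else:                                # no mask: exact match
        addr, mask = spec, FULL
    return _mac_to_int(addr) & mask, mask

def mac_matches(spec, mac):
    """True if `mac` falls inside the set described by `spec`."""
    addr, mask = parse_mac_spec(spec)
    return (_mac_to_int(mac) & mask) == addr

def matched_count(spec):
    """Number of distinct 48-bit addresses the operand matches."""
    _, mask = parse_mac_spec(spec)
    return 1 << (48 - bin(mask).count("1"))

if __name__ == "__main__":
    # Operands taken from the message and the manual excerpt.
    for spec in ("00:14:A4:43:8E:BA", "00:14:A4:43:8E:BA/33",
                 "10:20:30:40:50:60&00:00:00:00:ff:ff", "any"):
        print(f"{spec:40} matches {matched_count(spec)} address(es)")
```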