how to allow by MAC
Bill Yuan
bycn82 at gmail.com
Sun Jun 17 15:39:21 UTC 2012
On Wed, Jun 13, 2012 at 4:56 PM, Ian Smith <smithi at nimnet.asn.au> wrote:
> On Mon, 11 Jun 2012 15:18:18 -0700, Randal L. Schwartz wrote:
> > >>>>> "Bill" == Bill Yuan <bycn82 at gmail.com> writes:
> > Bill> I want to create a MAC address white list. Only machines whose MAC
> > Bill> is in the white list will be allowed, all others will be blocked.
> >
> > Bad idea. Since (a) every MAC address that *is* allowed is transmitted
> > in the clear and (b) it's trivial to spoof a MAC address.
> >
> > This. is. no. security.
>
> Indeed, that's right Randal. But I got the impression from Bill's mails
> that this is more likely just something inside his internal network.
Filtering by MAC is not secure, I agree, but it is at least secure enough for an
internal network.
And I am quite sure what I want to achieve. I really want to know how to
FILTER BY MAC.
>
> > Please stop even trying.
>
> Well I don't think learning how to use ipfw properly at layer2 is a bad
> idea in itself, and I wouldn't want to discourage anyone from that.
>
> For some years I ran a filtering transparent bridge with ipfw + dummynet
> for a small network of about 20 mostly W98, XP and Mac boxes sharing one
> slow ADSL gateway between various assorted community groups (talk about
> herding cats! :) and MAC filtering was one of the handiest tools when
> some box or other got owned (again!) by some virus and started spewing
> spam, provider complains and/or cuts access .. you know the deal.
>
> In that sort of environment, none of the punters had any clue about
> forging MACs or anything vaguely like that, and it stopped people
> randomly plugging boxes into the network. Horses for courses.
>
> I replied in more detail to another from Bill privately, copy follows.
Thanks. I saw your email already. Very helpful. I will continue to try
that way and share with all here in the future. :)
cheers, Ian