how to allow by MAC

[Bill Yuan]

On Wed, Jun 13, 2012 at 4:56 PM, Ian Smith <smithi at nimnet.asn.au> wrote:

> On Mon, 11 Jun 2012 15:18:18 -0700, Randal L. Schwartz wrote:
>  > >>>>> "Bill" == Bill Yuan <bycn82 at gmail.com> writes:
>  > Bill> I want to create a white list MAC address,  Only the machine
> which it's MAC
>  > Bill> in the white list will be allowed,  all others will be blocked.
>  >
>  > Bad idea.  Since (a) every MAC address that *is* allowed is transmitted
>  > in the clear and (b) it's trivial to spoof a MAC address.
>  >
>  > This. is. no. security.
>
> Indeed, that's right Randal.  But I got the impression from Bill's mails
> that this is more likely just something inside his internal network.

Filtering by MAC is not secure, I agree. but at least secure enough for a
internal network.
And I am quite sure what I want to archive. I am really want to know how to
FILTER BY MAC .



>
>  > Please stop even trying.
>
> Well I don't think learning how to use ipfw properly at layer2 is a bad
> idea in itself, and I wouldn't want to discourage anyone from that.
>
> For some years I ran a filtering transparent bridge with ipfw + dummynet
> for a small network of about 20 mostly W98, XP and Mac boxes sharing one
> slow ADSL gateway between various assorted community groups (talk about
> herding cats! :) and MAC filtering was one of the handiest tools when
> some box or other got owned (again!) by some virus and started spewing
> spam, provider complains and/or cuts access .. you know the deal.
>
> In that sort of environment, none of the punters had any clue about
> forging MACs or anything vaguely like that, and it stopped people
> randomly plugging boxes into the network.  Horses for courses.
>
> I replied in more detail to another from Bill privately, copy follows.

Thanks. I saw your email already .very helpful . I will continue to try in
that way . and share with all here in the feature.:)
cheers, Ian