Allowing access to IP/MAC pairs only

Bob Bishop rb at
Thu Jan 31 03:05:23 PST 2008


On 31 Jan 2008, at 18:30, Szemerédy Gábor wrote:

> Hello list!
> We have feeBSD 6.2 machines with local subnets on the servers and  
> would like to allow access to the internet only for workstations  
> with exact IP/MAC pairs and deny access for not predefined pairs.
> Is there a solution in firewall settings?

In ipfw, something like:

allow ip from <ip A> to any mac any <mac of ip A>
allow ip from <ip B> to any mac any <mac of ip B>
deny ip from any to any

Beware that MAC addresses are given in the order dest, src.

Bob Bishop          +44 (0)118 940 1243
rb at fax +44 (0)118 940 1295

More information about the freebsd-stable mailing list