Re: Mac filtering with ipfw2
From: Christian Hiris (4711_at_chello.at)
Date: 08/31/04
- Previous message: Olivier Renard: "FreeBSD on external Hard Disk"
- In reply to: Steve Quezadas: "Mac filtering with ipfw2"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: freebsd-questions@freebsd.org Date: Tue, 31 Aug 2004 21:42:11 +0200
On Tuesday 31 August 2004 18:07, Steve Quezadas wrote:
> Hello,
>
> I have tried and tried and tried to get mac filtering to work with
> ipfw2. I have tried the usual sources (Google Groups, google, mailling
> list, man pages, etc). Here it goes:
>
> I basically want to allow traffic to come from one mac address. I am
> trying to get the following rule to work:
>
> ipfw add accept tcp from any to any MAC any 10:20:30:40:50:60
>
> Yes, ipfw2 is on my freebsd system. This rule is basically: "allow
> traffic from mac address 10:20:30:40:50:60 to anywhere on the
> network".
>
> What am I doing wrong?
Did you set the sysctl net.link.ether.ipfw=1? You can do this
in /etc/sysctl.conf or via the sysctl command.
If you want to establish any kind of useful communication, you need to allow
incoming and outgoing traffic for the specified MAC.
# ipfw add pass MAC any 10:20:30:40:50:60
# ipfw add pass MAC 10:20:30:40:50:60 any
To use arp requests (which are addressed to ff:ff:ff:ff:ff:ff) you need to
allow them a way out, too.
# ipfw add pass MAC any ff:ff:ff:ff:ff:ff
Cheers,
ch
-- Christian Hiris <4711@chello.at> | OpenPGP KeyID 0x941B6B0B OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu
- application/pgp-signature attachment: signature
- Previous message: Olivier Renard: "FreeBSD on external Hard Disk"
- In reply to: Steve Quezadas: "Mac filtering with ipfw2"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
