From owner-freebsd-questions  Wed Oct 23  0:51:31 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5ECC937B401
	for <freebsd-questions@freebsd.org>; Wed, 23 Oct 2002 00:51:30 -0700 (PDT)
Received: from smtp015.mail.yahoo.com (smtp015.mail.yahoo.com [216.136.173.59])
	by mx1.FreeBSD.org (Postfix) with SMTP id 0704F43E75
	for <freebsd-questions@freebsd.org>; Wed, 23 Oct 2002 00:51:30 -0700 (PDT)
	(envelope-from aokounev@yahoo.com)
Received: from unknown (HELO AZOT-30761) (aokounev@212.98.162.53 with plain)
  by smtp.mail.vip.sc5.yahoo.com with SMTP; 23 Oct 2002 07:51:25 -0000
Date: Wed, 23 Oct 2002 10:50:57 +0300
From: Artem Okounev <aokounev@yahoo.com>
X-Mailer: The Bat! (v1.61)
Reply-To: Artem Okounev <aokounev@yahoo.com>
X-Priority: 3 (Normal)
Message-ID: <19889996688.20021023105057@yahoo.com>
To: Scott Pilz <tech@tznet.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Or even - NATD/IPFW/BSD
In-Reply-To: <20021022111516.J73947-100000@mail.tznet.com>
References: <20021022111516.J73947-100000@mail.tznet.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Scott,

Tuesday, October 22, 2002, 7:15:41 PM, you wrote:


> In  regards  to  my  last question ... or does anyone even
> know how to block all traffic from a MAC ID?

IPFW2  allows  to match ip packets using MAC. It is not used
in  stable  by  default,  read man ipfw to figure out how to
enable  IPFW2.  Please  note  that many modern network cards
allow  changing their MAC ID easily, so blocking MACs is not
100% solution.

If  your  network do not use DHCP you may write down MAC IDs
of all computers in your network along with its IP adresses,
then  disable  ARP  resolution  on your firewall's interface
(ifconfig  ed0  -arp),  then add static arp mappings for all
hosts     in    your    network    (arp    -s    192.168.0.1
xx:xx:xx:xx:xx:xx).

- --
Best regards,
 Artem                            mailto:aokounev@yahoo.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (MingW32)

iD8DBQE9tlTtbOuJ0KL1C+MRApyXAKC7In5WL3Iyee8kfxKKUnYnNRc3nACgsAG1
sd1Cdzlr3Yw6O1wqIjNlG+Q=
=E7UL
-----END PGP SIGNATURE-----


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message