From: Bas Smeelen
Date: Fri, 30 Jul 2010 13:58:30 +0200
To: freebsd-questions@freebsd.org
Subject: Re: IPFW with MAC address configuration
Message-ID: <4C52BE66.1000908@ose.nl>

On 07/30/2010 01:18 PM, Carmel wrote:
> I am trying to set up a rule using IPFW that utilizes a MAC address
> rather than an IP one.
>
> ipfw -q allow log tcp from MAC 00-14-A4-43-8E-BA to me 137 in via nfe0 setup keep-state
>
> Would that work, assuming the machine I want to allow access has that
> MAC address?
>

According to the manual (man ipfw) I guess the rule would be something like:

ipfw add 1000 allow log tcp MAC any 00:14:A4:43:8E:BA/33 to me 137 in via nfe0 setup keep-state

From the manual:

     { MAC | mac } dst-mac src-mac
             Match packets with a given dst-mac and src-mac addresses,
             specified as the any keyword (matching any MAC address), or six
             groups of hex digits separated by colons, and optionally
             followed by a mask indicating the significant bits. The mask
             may be specified using either of the following methods:

             1.  A slash (/) followed by the number of significant bits.
                 For example, an address with 33 significant bits could be
                 specified as:

                       MAC 10:20:30:40:50:60/33 any

             2.  An ampersand (&) followed by a bitmask specified as six
                 groups of hex digits separated by colons. For example, an
                 address in which the last 16 bits are significant could be
                 specified as:

                       MAC 10:20:30:40:50:60&00:00:00:00:ff:ff any

                 Note that the ampersand character has a special meaning in
                 many shells and should generally be escaped.

             Note that the order of MAC addresses (destination first, source
             second) is the same as on the wire, but the opposite of the one
             used for IP addresses.