Date: Thu, 31 Aug 2000 00:33:42 +0200
From: Bernd Walter <ticso@cicely8.cicely.de>
To: Bill Fumerola <billf@chimesnet.com>
Cc: Jaye Mathisen <mrcpu@internetcds.com>, Simon <simon@optinet.com>, "hackers@FreeBSD.ORG" <hackers@FreeBSD.ORG>
Subject: Re: Anyway to ipfw filter based on MAC address?
Message-ID: <20000831003342.A12297@cicely8.cicely.de>
In-Reply-To: <20000828233106.T33771@jade.chc-chimes.com>; from billf@chimesnet.com on Mon, Aug 28, 2000 at 11:31:06PM -0400
References: <200008290108.TAA26723@mail.fpsn.net> <Pine.BSF.4.21.0008281901000.4933-100000@schizo.cdsnet.net> <20000828233106.T33771@jade.chc-chimes.com>

On Mon, Aug 28, 2000 at 11:31:06PM -0400, Bill Fumerola wrote:
> On Mon, Aug 28, 2000 at 07:02:03PM -0700, Jaye Mathisen wrote:
> >
> > Just exactly what I said in the Subject. I want to filter on the ethernet
> > MAC address.
>
> I guess the "ip" in "ipfw" just wasn't obvious enough that it is an IP firewall
> tool. You're one layer too low.

We already have filter rules to check if a packet would get bridged.
And non-IP protocols like IPX get bridged depending on the default rule of ipfw.
I don't think that ipfw stands for ip only anymore.
But I'm not sure if we still have the MAC address at this layer.

Unfortunately we can't use a fwd action for bridged packets ;(
Anyone with a good idea how to get missing parameters in the bridge code
for calling the firewall check code?
Is it OK to just get empty structures?
If I understood it right, the bridge checks only at incoming time and normally
fwd should be used for outgoing packets.
Will this be any big problem?

--
B.Walter              COSMO-Project              http://www.cosmo-project.de
ticso@cicely.de         Usergroup                info@cosmo-project.de

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message