From: Lowell Gilbert
To: Bill Yuan
Cc: freebsd-questions@freebsd.org
Subject: Re: how to filter network by MAC and IP at the same time
Date: Fri, 08 Jun 2012 16:30:55 -0400
Message-ID: <44y5nxy29s.fsf@be-well.ilk.org>
In-Reply-To: (Bill Yuan's message of "Fri, 8 Jun 2012 07:22:34 +0800")

Bill Yuan writes:

> i am using freebsd 9.0 as a firewall and i want to filter the traffic by
> the mac and the ip at the same time,
>
> for example, i only allow my laptop can go through the
> firewall when it's using IP
>
> for how to config the firewall rules?
>
>
> I tried to configure the firewall by the rule below, but it doesn't work
>
> ipfw add 1 allow all from to any MAC any
> ipfw add 1 allow all from any to MAC any

Well, for one thing if I understand your intent, you have the MAC
addresses in the wrong order. Unless your firewall is acting as a
bridge, you also need to keep in mind that the MAC addresses are
changed when passing through, so those rules will only work on one
side (i.e., you'll need "in via" type rules).

> but it doesn't work. also found the explanation on google, someone already
> asked this question before.

I don't understand. Was there a suggested approach or not?

> but I did not find the solution for this requirement. can someone tell me
> how ? thanks in advance.

I can't guarantee this will work, and I don't have any way to test it,
but my above comments would suggest something more like:

> ipfw add 1 allow all from to any MAC any
ipfw add 1 allow all from any to MAC any out via $oif

Good luck.
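
An added example, not part of either poster's message: a POSIX sh helper that prints (does not run) the rule pair discussed above, with the MAC operands in ipfw's destination-then-source order and both rules tied to the interface facing the host. The function names, the single `lan_if` parameter and the sample address values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit ipfw rules that tie one IPv4 address to one MAC address.
# Inputs are validated because the output is meant to be reviewed and then run.

# valid_mac MAC -> status 0 if MAC is six colon-separated hex octets
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# valid_ipv4 ADDR -> status 0 if ADDR is a dotted quad with octets 0..255
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s\n' "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# mac_ip_rules RULENUM IP MAC LAN_IF
# ipfw's MAC option takes the destination MAC first and the source MAC second,
# the reverse of the "from SRC to DST" order used for IP addresses.
mac_ip_rules() {
    num=$1; ip=$2; mac=$3; lan_if=$4
    case $num in
        ''|*[!0-9]*) echo "bad rule number: $num" >&2; return 2 ;;
    esac
    valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 2; }
    valid_mac "$mac" || { echo "bad MAC address: $mac" >&2; return 2; }
    case $lan_if in
        ''|*[!A-Za-z0-9_.]*) echo "bad interface name: $lan_if" >&2; return 2 ;;
    esac
    # Frames arriving from the host: source IP and source MAC must both match.
    echo "ipfw add $num allow all from $ip to any MAC any $mac in via $lan_if"
    # Frames sent to the host: destination IP and destination MAC must both match.
    echo "ipfw add $num allow all from any to $ip MAC $mac any out via $lan_if"
}

# Dry run with constructed sample values (documentation address ranges).
mac_ip_rules 1 192.0.2.10 00:00:5e:00:53:0a em1
```

MAC options only match on ipfw's layer-2 pass, which is enabled with `sysctl net.link.ether.ipfw=1`; the same packets are checked again at the IP layer, where MAC options never match.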