Date:      Fri, 20 Aug 2004 17:47:17 -0500
From:      Wayne M Barnes <wayne@etaq.com>
To:        Chuck Swiger <cswiger@mac.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: dhcpd MAC filter
Message-ID:  <20040820224717.GA66583@etaq.com>
In-Reply-To: <41263C76.7070102@mac.com>
References:  <20040820172222.GA65972@etaq.com> <41263C76.7070102@mac.com>

Dear Chuck,

   Thanks for the tip about ipfw, but I can't seem to write
an acceptable line for rc.firewall, even after reading man ipfw,
which does not show a full example.

   For instance, the following confuses ipfw when I put it
into rc.firewall:

#from man ipfw: MAC 10:20:30:40:50:60/33 any
ipfw add drop all from MAC 00:02:2d:2e:04:28 to any

    It complains that MAC is an unknown machine.

    How should I spell a firewall rule invocation that will
prevent a certain MAC serial number from getting through or to 
my FreeBSD machine?

    Thank you for any further advice.

                    -- Wayne

On Fri, Aug 20, 2004 at 02:01:26PM -0400, Chuck Swiger wrote:
> Wayne M Barnes wrote:
> >    Is there a way to allow or disallow certain computers by their
> >MAC number?
> 
> ipfw 2 supports firewalling by MAC address, so yes.
> 
> >    This ability comes with the software on my wireless access point,
> >but I prefer that my FreeBSD system hand out the IP addresses,
> >and I cannot find this MAC-filtering ability at man dhcpd.
> >
> >   isc-dhcp3-server-3.0.1.r14_2 is my installed port.
> >Is there another dhcpd to try?
> 
> You can specify MAC addresses in your DHCP config to reserve specific IP 
> addresses for specific machines.  I'm not sure whether there is a way to 
> tell DHCP not to grant a lease to MAC addresses which are not found, but 
> then, without using a firewall, someone could manually configure a foreign 
> host to use the connection, regardless of whether they can get a DHCP lease.
> 
> -- 
> -Chuck

-- 
Wayne M Barnes
wayne@etaq.com    fax: (314) 754-9556
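
Added example, not part of the original thread: in ipfw(8) `MAC` is a rule option that follows the `from ... to ...` addresses and takes the destination MAC first, then the source, and layer-2 frames only reach ipfw when `net.link.ether.ipfw` is 1. The function names, the rule numbers starting at 100, and printing the commands for review instead of running them are assumptions of this example.

```shell
#!/bin/sh
# Added example: emit ipfw (ipfw2) commands that drop Ethernet frames by MAC.
# Assumptions: rule numbers start at 100 (hypothetical) and the output is
# reviewed, then pasted into rc.firewall or piped to sh on the FreeBSD host.

# Return 0 if $1 is six colon-separated pairs of hex digits.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the commands for every MAC given as an argument.
# Returns 1 (and stops) on the first malformed address.
mac_block_rules() {
    num=100
    # Layer-2 frames are only passed to ipfw when this sysctl is 1.
    echo "sysctl net.link.ether.ipfw=1"
    for mac in "$@"; do
        if ! valid_mac "$mac"; then
            echo "invalid MAC address: $mac" >&2
            return 1
        fi
        mac=$(printf '%s' "$mac" | tr 'A-F' 'a-f')
        # MAC option order is destination first, then source.
        # Frames sent by the device (source MAC matches):
        echo "ipfw add $num deny all from any to any MAC any $mac layer2"
        num=$((num + 1))
        # Frames addressed to the device (destination MAC matches):
        echo "ipfw add $num deny all from any to any MAC $mac any layer2"
        num=$((num + 1))
    done
}

# Usage with the address quoted in the message above.
mac_block_rules 00:02:2d:2e:04:28
```

With `net.link.ether.ipfw=1` the same rule set is also evaluated for layer-2 frames, so the `layer2` keyword keeps these rules from being tested against ordinary IP-layer passes.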


