Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 29 Jan 2007 18:13:00 +0100
From:      Philipp Wuensche <cryx-freebsd@h3q.com>
To:        Frank Staals <frankstaals@gmx.net>
Cc:        questions@FreeBSD.org
Subject:   Re: PF and MAC-Filtering ?
Message-ID:  <45BE2B1C.8010302@h3q.com>
In-Reply-To: <45BDF715.6010703@gmx.net>
References:  <45BDF715.6010703@gmx.net>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Frank Staals wrote:
> I'm trying to get my FreeBSD gateway with PF firewall to only allow
> acces to my network and internet from a couple computers through MAC
> filtering. I couldn't realy find out what rules I should use; From the
> information I found on google I tried something like this but it seems
> that PF doesn't see the entrie(s) in my mac-table as a mac adres: ( only
> pasted the related rules ) :
> 
> block log
> 
> ### Only allow WLAN connections from trusted Systems::
> table <wlanmacs> persist file "/usr/local/etc/pf/wlanmacs"
> pass in  on $wlanif from src <wlanmacs> to any keep state
> pass out on $wlanif from any to src <wlanmacs> keep state
> 
> with in /usr/local/etc/pf/wlanmacs one Mac adres on each line; example:
> 
> 00:0b:7b:23:33:25
> 
> As I said it doesn't seem that PF gets that it should treat the entries
> in the table as mac-adresses. How can I do that ? Or is there a better
> way to achieve the same result  ?

Just filter by ip-addr. on your gateway, it gives you the same level of
security as filtering by mac-addr. and configure your basestation to
only accept clients with mac-addr. you have allowed.

If you need some kind of authentication, take a look at authpf.

greetings,
philipp




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?45BE2B1C.8010302>