Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 29 Jan 2007 18:13:00 +0100
From:      Philipp Wuensche <>
To:        Frank Staals <>
Subject:   Re: PF and MAC-Filtering ?
Message-ID:  <>
In-Reply-To: <>
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Frank Staals wrote:
> I'm trying to get my FreeBSD gateway with PF firewall to only allow
> acces to my network and internet from a couple computers through MAC
> filtering. I couldn't realy find out what rules I should use; From the
> information I found on google I tried something like this but it seems
> that PF doesn't see the entrie(s) in my mac-table as a mac adres: ( only
> pasted the related rules ) :
> block log
> ### Only allow WLAN connections from trusted Systems::
> table <wlanmacs> persist file "/usr/local/etc/pf/wlanmacs"
> pass in  on $wlanif from src <wlanmacs> to any keep state
> pass out on $wlanif from any to src <wlanmacs> keep state
> with in /usr/local/etc/pf/wlanmacs one Mac adres on each line; example:
> 00:0b:7b:23:33:25
> As I said it doesn't seem that PF gets that it should treat the entries
> in the table as mac-adresses. How can I do that ? Or is there a better
> way to achieve the same result  ?

Just filter by ip-addr. on your gateway, it gives you the same level of
security as filtering by mac-addr. and configure your basestation to
only accept clients with mac-addr. you have allowed.

If you need some kind of authentication, take a look at authpf.


Want to link to this message? Use this URL: <>