Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 31 Jan 2008 10:50:21 +0000
From:      Bob Bishop <rb@gid.co.uk>
To:        =?ISO-8859-1?Q?Szemer=E9dy_G=E1bor?= <gaborszem@eccf.su.ac.yu>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: Allowing access to IP/MAC pairs only
Message-ID:  <53A7C877-8199-41C7-BAC5-C4F7E460B9D0@gid.co.uk>
In-Reply-To: <47A213DD.1060806@eccf.su.ac.yu>
References:  <47A213DD.1060806@eccf.su.ac.yu>

next in thread | previous in thread | raw e-mail | index | archive | help
Hi,

On 31 Jan 2008, at 18:30, Szemer=E9dy G=E1bor wrote:

> Hello list!
> We have feeBSD 6.2 machines with local subnets on the servers and =20
> would like to allow access to the internet only for workstations =20
> with exact IP/MAC pairs and deny access for not predefined pairs.
> Is there a solution in firewall settings?

In ipfw, something like:

allow ip from <ip A> to any mac any <mac of ip A>
allow ip from <ip B> to any mac any <mac of ip B>
...
deny ip from any to any

Beware that MAC addresses are given in the order dest, src.

--
Bob Bishop          +44 (0)118 940 1243
rb@gid.co.uk fax +44 (0)118 940 1295







Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53A7C877-8199-41C7-BAC5-C4F7E460B9D0>