Date:      Tue, 29 May 2007 10:23:04 +0200
From:      Jon Otterholm <>
Subject:   Limit Ethernet Broadcast
Message-ID:  <>


I am trying to limit traffic to the Ethernet broadcast address 
(ff:ff:ff:ff:ff:ff). I am running IPFW on an if_bridge(4) and don't want 
clients on member ifs to be able to send Ethernet broadcasts to each 
other. The router itself, though, should be able to send traffic to the 
Ethernet broadcast address, and clients should be able to send traffic to 
the router destined for the Ethernet broadcast address. According to the 
man pages I cannot use the "me" statement, as this only applies to 
IP addresses configured on the local system; my ifs don't have 
IP addresses configured. Only the bridge itself has an IP address.

bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet X.X.X.X netmask 0xffffff80 broadcast X.X.X.X
        ether 00:00:00:00:00:00
        priority 32768 hellotime 2 fwddelay 15 maxage 20
        member: em0.10 flags=1<LEARNING>
        member: em0.20 flags=1<LEARNING>

Summary (no valid IPFW-config, just to illustrate):

allow from router to ff:ff:ff:ff:ff:ff
allow from em0.* to router MAC ff:ff:ff:ff:ff:ff any
deny from em0.* to em0.* MAC ff:ff:ff:ff:ff:ff any

Is this doable?
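
A ruleset sketch of this policy, added here as an illustration and not part of the original message. It assumes net.link.ether.ipfw=1 and net.link.bridge.ipfw=1 are set so that Ethernet frames (bridged ones included) reach ipfw as layer2 packets with the member interface as the recv/xmit interface, and it uses the post's 00:00:00:00:00:00 as a placeholder for bridge0's real MAC.

```ipfw
# Added example (not from the original post). Rules file for: ipfw -q /etc/ipfw.rules
# Assumptions: sysctl net.link.ether.ipfw=1 and net.link.bridge.ipfw=1 are set,
# bridged frames are seen by ipfw as layer2 packets whose recv/xmit interface is
# the bridge member, and 00:00:00:00:00:00 is a placeholder for bridge0's MAC.

# 0. Source MACs are not authenticated: a client on a member could claim the
#    router's MAC to slip past rule 100, so refuse such frames on the way in.
add 90 deny MAC any 00:00:00:00:00:00 layer2 in recv em0.10
add 91 deny MAC any 00:00:00:00:00:00 layer2 in recv em0.20

# 1. Broadcasts originated by the router: source MAC is bridge0's own.
add 100 allow MAC ff:ff:ff:ff:ff:ff 00:00:00:00:00:00 layer2 out

# 2. Client broadcasts arriving on a member are let in, so bridge0's own
#    stack (ARP, DHCP, ...) can receive and answer them.
add 200 allow MAC ff:ff:ff:ff:ff:ff any layer2 in recv em0.10
add 210 allow MAC ff:ff:ff:ff:ff:ff any layer2 in recv em0.20

# 3. The same client broadcasts must not be forwarded out to another member.
#    Rule 100 has already passed the router's own frames, so only client
#    frames (em0.* -> em0.*) reach these rules.
add 300 deny MAC ff:ff:ff:ff:ff:ff any layer2 out xmit em0.10
add 310 deny MAC ff:ff:ff:ff:ff:ff any layer2 out xmit em0.20

# 4. Everything else (unicast frames, IP traffic) is left alone here.
add 65000 allow ip from any to any
```

Check what ipfw actually sees before relying on this: "ipfw -a list" after a client ARP request shows whether rules 200/210 or 300/310 count packets, which tells you on which pass and with which interface the bridge hands broadcasts to the firewall.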

