Date:      Tue, 05 Jul 2005 19:00:27 -0300
From:      vita gmail <vitadiaz@gmail.com>
To:        freebsd-ipfw@freebsd.org
Subject:   Re: rules to permit only few MAC address
Message-ID:  <42CB02FB.108@gmail.com>
In-Reply-To: <598121599.20050705232925@llwb135.servidoresdns.net>
References:  <1904693964.20050705145004@llwb135.servidoresdns.net>	<8eea04080507051118692d783c@mail.gmail.com> <598121599.20050705232925@llwb135.servidoresdns.net>

Excuse me, I am very interested in learning how to allow and deny MACs on
my network; I have a LAN and a WLAN, and with that I would solve the
problem of the non-allowed accesses.
What has been written so far does not clear up my doubt about being able
to control access by MAC; could you explain a little more about the
subject, since after that I have to do the firewall.
In a reply from Robert Klein it appears that control by MAC is said to be
from layer 2, and layer 3 does not appear in the other mail.
The example is useful, but I still do not manage to understand how to do
the firewall with that information.
Thanks in advance to everyone.
Excuse me, my English is from a translator.



vladone wrote:
> Hello Jon,
> 
> Tuesday, July 5, 2005, 9:18:20 PM, you wrote:
> 
>>On 7/5/05, vladone <vladone@llwb135.servidoresdns.net> wrote:
>>>I want to permit only a few MAC addresses to pass on my gateway.
>>
>>MAC filtering is done at layer 2, so you need to allow ipfw access to
>>the layer 2 packets via
>>sysctl -w net.link.ether.ipfw=1
>>
>>And you may desire rules to only allow arp from certain machines, like:
>>allow ip from any to any mac-type 0x0806 MAC any 00:11:22:33:44:55 in
>>recv fxp1 layer2
>>
>>And traffic, like:
>>allow ip from any to any MAC any 00:11:22:33:44:55 in recv fxp1 layer2
>>
>>Because you're going to have packets traversing ipfw up to 4 times
>>(layer2 in, layer3 in, layer3 out, layer2 out) you might want to split
>>your firewall rules for efficiency, something like:
>>
>>50 skipto 10000 ip from any to any in recv fxp1 not layer2 // ip traffic inbound fxp1
>>60 skipto 12000 ip from any to any in recv fxp0 not layer2 // ip traffic inbound fxp0
>>70 skipto 14000 ip from any to any in recv fxp1 layer2 // ether traffic inbound fxp1
>>80 skipto 16000 ip from any to any in recv fxp0 layer2 // ether traffic inbound fxp0
>>
>>I've done similar things in the past. Hopefully this gives you some ideas.
> 
>   Thanks! Now it seems to be OK. But I don't know how mac-type works. I
>   see different addresses passed as parameter like: mac-type 0x809b or
>   mac-type 0x80f3 or mac-type 0x0023 ....
> 
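The MAC allow-list and the per-pass skipto split that Jon describes in the quoted reply, written out as one complete ruleset. This is an added example, not code from the thread or from the FreeBSD project: the interface names fxp0/fxp1 and the skipto targets follow Jon's message, while the second station MAC, the deny rule number and the placeholder layer-3 sections are assumptions. The script only prints the ipfw commands so the ruleset can be reviewed before it is loaded.

```shell
#!/bin/sh
# Added example, not code from the thread: emit an ipfw ruleset that lets only
# a fixed list of source MACs send ARP and IPv4 frames in through the LAN
# interface of a FreeBSD gateway, using the per-pass skipto split from the
# thread. Interface names, the MAC list and rule numbers are assumptions.

LAN_IF="${LAN_IF:-fxp1}"    # assumed inside (LAN/WLAN) interface
WAN_IF="${WAN_IF:-fxp0}"    # assumed upstream interface
# Constructed allow-list: source MACs of the stations that may use the gateway.
ALLOWED_MACS="${ALLOWED_MACS:-00:11:22:33:44:55 00:11:22:33:44:66}"

# Print one command per line; nothing is executed here. Load on the gateway
# with:  gen_rules | sh
gen_rules() {
    cat <<EOF
# Let ipfw see Ethernet frames (layer2 in/out passes) in addition to IP.
sysctl net.link.ether.ipfw=1
ipfw -f flush
# Dispatch each inbound pass to its own section. "not layer2" keeps the
# layer-3 rules from also matching the Ethernet pass of the same packet.
ipfw add 50 skipto 10000 ip from any to any in recv $LAN_IF not layer2
ipfw add 60 skipto 12000 ip from any to any in recv $WAN_IF not layer2
ipfw add 70 skipto 14000 ip from any to any in recv $LAN_IF layer2
ipfw add 80 skipto 16000 ip from any to any in recv $WAN_IF layer2
# Outbound passes (both layers) fall through to here; left open in this example.
ipfw add 90 allow ip from any to any
# 10000/12000: layer-3 policy for IP arriving on each interface (placeholders).
ipfw add 10000 allow ip from any to any in recv $LAN_IF not layer2
ipfw add 12000 allow ip from any to any in recv $WAN_IF not layer2
EOF
    # 14000: Ethernet frames arriving on the LAN side. One ARP (0x0806) and one
    # IPv4 (0x0800) rule per allowed source MAC. The operand order is
    # "MAC dst src", so the wildcard here is the destination. Everything else
    # from this interface is dropped at layer 2, before it can even ARP.
    for mac in $ALLOWED_MACS; do
        echo "ipfw add 14000 allow ip from any to any mac-type 0x0806 MAC any $mac in recv $LAN_IF layer2"
        echo "ipfw add 14000 allow ip from any to any mac-type 0x0800 MAC any $mac in recv $LAN_IF layer2"
    done
    echo "ipfw add 14999 deny ip from any to any in recv $LAN_IF layer2"
    # 16000: frames from upstream are not MAC-filtered, only passed on.
    echo "ipfw add 16000 allow ip from any to any in recv $WAN_IF layer2"
}

# Small checks on the generated set: number of per-MAC allow rules and the
# presence of the final layer-2 deny for the LAN interface.
count_mac_allow_rules()    { gen_rules | grep -c ' allow .* MAC any '; }
count_lan_l2_deny_rules()  { gen_rules | grep -c '^ipfw add 14999 deny '; }

gen_rules
```

Two points worth checking before loading this for real. First, the `mac-type` values are EtherTypes, not addresses: 0x0806 is ARP and 0x0800 is IPv4 (ipfw also accepts symbolic names such as `arp` and `ip`, and a comma-separated list), 0x809b and 0x80f3 are AppleTalk and AARP, and values below 0x0600 are IEEE 802.3 length fields rather than types. Second, a source MAC is trivially cloned by anyone who can observe the LAN or WLAN, so an allow-list like this keeps out accidental and unconfigured hosts but is not authentication; on the WLAN side it belongs next to WPA, not in place of it.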