On Tuesday 31 August 2004 18:07, Steve Quezadas wrote: > Hello, > > I have tried and tried and tried to get mac filtering to work with > ipfw2. I have tried the usual sources (Google Groups, google, mailling > list, man pages, etc). Here it goes: > > I basically want to allow traffic to come from one mac address. I am > trying to get the following rule to work: > > ipfw add accept tcp from any to any MAC any 10:20:30:40:50:60 > > Yes, ipfw2 is on my freebsd system. This rule is basically: "allow > traffic from mac address 10:20:30:40:50:60 to anywhere on the > network". > > What am I doing wrong?
Did you set the sysctl net.link.ether.ipfw=1? You can do this in /etc/sysctl.conf or via the sysctl command. If you want to establish any kind of useful communication, you need to allow incoming and outgoing traffic for the specified MAC. # ipfw add pass MAC any 10:20:30:40:50:60 # ipfw add pass MAC 10:20:30:40:50:60 any To use arp requests (which are addressed to ff:ff:ff:ff:ff:ff) you need to allow them a way out, too. # ipfw add pass MAC any ff:ff:ff:ff:ff:ff Cheers, ch -- Christian Hiris <[EMAIL PROTECTED]> | OpenPGP KeyID 0x941B6B0B OpenPGP-Key at hkp://wwwkeys.eu.pgp.net and http://pgp.mit.edu