rule like below

# allow the traffic whose source MAC belongs to the machine
ipfw add 1 allow all from any to any MAC <MAC ADDR1> any
# allow the ...... destination MAC is that machine
ipfw add 1 allow all from any to any MAC any <MAC ADDR1>
ipfw add 1 deny all from any to any
it is not working, all the traffic will be blocked by the deny!!! how come?

On Sat, Jun 9, 2012 at 4:30 AM, Lowell Gilbert <freebsd-questions-lo...@be-well.ilk.org> wrote:

> Bill Yuan <byc...@gmail.com> writes:
>
> > i am using freebsd 9.0 as a firewall and i want to filter the traffic by
> > the mac and the ip at the same time,
> >
> > for example, i only allow my laptop <MAC Address 1> can go through the
> > firewall when it's using IP <IP Address 1>
> >
> > for how to config the firewall rules?
> >
> > I tried to configure the firewall by the rule below, but it doesn't work
> >
> > ipfw add 1 allow all from <IP Address 1> to any MAC <MAC Address 1> any
> > ipfw add 1 allow all from any to <IP Address 1> MAC any <MAC Address 1>
>
> Well, for one thing if I understand your intent, you have the MAC
> addresses in the wrong order. Unless your firewall is acting as a
> bridge, you also need to keep in mind that the MAC addresses are changed
> when passing through, so those rules will only work on one side (i.e.,
> you'll need "in via" type rules).
>
> > but it doesn't work. also found the explanation on google, someone already
> > asked this question before.
>
> I don't understand. Was there a suggested approach or not?
>
> > but I did not find the solution for this requirement. can someone tell me
> > how? thanks in advance.
>
> I can't guarantee this will work, and I don't have any way to test it,
> but my above comments would suggest something more like:
>
> > ipfw add 1 allow all from <IP Address 1> to any MAC any <MAC Address 1> in via $iif
> > ipfw add 1 allow all from any to <IP Address 1> MAC <MAC Address 1> any out via $oif
>
> Good luck.
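
An added example (not from either poster) of a rule set for the goal described in this thread, going one step beyond it: per ipfw(8), rules see the Ethernet header only on the layer-2 pass, which is switched on with the net.link.ether.ipfw sysctl, and the MAC option takes the destination address first. The addresses, interface name, rule numbers and the open layer-3 rule are assumptions; by default the function only prints the commands.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: commands are printed.
# On the firewall itself, run with IPFW=ipfw SYSCTL=sysctl to apply them.
IPFW="${IPFW:-echo ipfw}"
SYSCTL="${SYSCTL:-echo sysctl}"

# usage: mac_ip_rules <ip> <mac> <inside-interface>   (all values are assumptions)
mac_ip_rules() {
    ip=$1 mac=$2 iif=$3

    # Without this, ipfw is only called from the IP layer, where the Ethernet
    # header is already gone and no "MAC" rule can ever match.
    $SYSCTL net.link.ether.ipfw=1

    # ARP (ethertype 0x0806) has no IP header; let it through on the inside
    # link so the laptop and the firewall can still resolve each other.
    $IPFW add 100 allow all from any to any layer2 mac-type 0x0806 via "$iif"

    # Operand order is "MAC <destination> <source>".
    # Frames arriving from the laptop: source MAC and source IP must both match.
    $IPFW add 110 allow ip from "$ip" to any MAC any "$mac" layer2 in via "$iif"
    # Frames sent to the laptop: destination MAC and destination IP must match.
    $IPFW add 120 allow ip from any to "$ip" MAC "$mac" any layer2 out via "$iif"
    # Everything else on the inside link is dropped at layer 2.
    $IPFW add 130 deny all from any to any layer2 via "$iif"
    # Frames on the other interfaces are not MAC-filtered.
    $IPFW add 140 allow all from any to any layer2

    # The same packets are checked again at layer 3, where MAC rules do not
    # match. Placeholder policy: replace with the real layer-3 rules.
    $IPFW add 200 allow ip from any to any not layer2
}

# Constructed sample values (documentation address range, made-up MAC).
mac_ip_rules 192.0.2.10 00:11:22:33:44:55 em1
```

A rule set that ends in an unconditional deny, with no rule for the layer-3 pass, drops every packet there, because the MAC rules above it cannot match at that point.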