On Wed, Jun 13, 2012 at 4:56 PM, Ian Smith <smi...@nimnet.asn.au> wrote:
> On Mon, 11 Jun 2012 15:18:18 -0700, Randal L. Schwartz wrote: > > >>>>> "Bill" == Bill Yuan <byc...@gmail.com> writes: > > Bill> I want to create a white list MAC address, Only the machine > which it's MAC > > Bill> in the white list will be allowed, all others will be blocked. > > > > Bad idea. Since (a) every MAC address that *is* allowed is transmitted > > in the clear and (b) it's trivial to spoof a MAC address. > > > > This. is. no. security. > > Indeed, that's right Randal. But I got the impression from Bill's mails > that this is more likely just something inside his internal network. Filtering by MAC is not secure, I agree. but at least secure enough for a internal network. And I am quite sure what I want to archive. I am really want to know how to FILTER BY MAC . > > > Please stop even trying. > > Well I don't think learning how to use ipfw properly at layer2 is a bad > idea in itself, and I wouldn't want to discourage anyone from that. > > For some years I ran a filtering transparent bridge with ipfw + dummynet > for a small network of about 20 mostly W98, XP and Mac boxes sharing one > slow ADSL gateway between various assorted community groups (talk about > herding cats! :) and MAC filtering was one of the handiest tools when > some box or other got owned (again!) by some virus and started spewing > spam, provider complains and/or cuts access .. you know the deal. > > In that sort of environment, none of the punters had any clue about > forging MACs or anything vaguely like that, and it stopped people > randomly plugging boxes into the network. Horses for courses. > > I replied in more detail to another from Bill privately, copy follows. Thanks. I saw your email already .very helpful . I will continue to try in that way . and share with all here in the feature.:) cheers, Ian _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
