Scot Hetzel <[EMAIL PROTECTED]> wrote:
On Mon, 14 Feb 2005 23:58:03 +0300, Artem Kuchin <[EMAIL PROTECTED]>
wrote:
Hi!
I have a table with ethernet (MAC) addresses matching IPs. It is
used to build dhcp config file. But regardless of that any user can
assign his neighbour ips while that pc is turned off and use it to
access internet. The local ips are 192.168. and are behind natd.
I am running 5.3-STABLE and have heard that ipfw2 can in someway
use MAC addresses, but how do I setup ipfw in such a way that
it allows certain IP only from one and only one MAC address?
I hope you are getting my idea.
You would add the following to the end of your IPFW rule for each IP
Address you want to restrict.
pass all from 192.168.0.10 to any mac any 10:20:30:40:50:60
Where "10:20:30:40:50:60" is the MAC addr for IP addr 192.168.0.10.
I have tried static arp today and it seems like it works. As others
mentions,
it is possible SOMETIMES to change mac address of a nic, so static arp
may fail as well as this firewall rule. So, i am wondering which method is
better static arp entries or ipfw rules?
Artem
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"