 From:  Alain Fauconnet <alain at ait dot ac dot th>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  MonoWall-General List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] how do i block a particular client internet access
 Date:  Mon, 10 Apr 2006 10:20:51 +0700
On Sat, Apr 08, 2006 at 06:54:49PM -0400, Chris Buechler wrote:
> On 4/8/06, jan gestre <m0n0wall dot list at gmail dot com> wrote:
> >
> > how do i block a particular client pc via its mac address?
> http://doc.m0n0.ch/handbook/faq-macfilt.html

Since I have the same need here I have read this page and I was
surprised not to see any solution based on custom ipfw rules.

I have experimented with this a bit and had some success adding 
custom rules in the 28900 range, using a command like:

ipfw add 289xx deny ip from any to any MAC any xx:xx:xx:xx:xx:xx layer2

These can be entered from the exec.php interface; I cooked up a small
Perl script that does this so that I can automate the process remotely.
It matches my needs more than making this permanent in the configuration.

I'm a complete newbie with ipfw (I grew up with netfilter/iptables :-)
but that seemed to do the trick for me. Am I overlooking something? 
Comments from m0n0wall/ipfw gurus quite welcome!
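
One way to generate the rules described in the message above for a list of client MACs, as an added example (not the poster's Perl script and not m0n0wall code). The 28900-28999 bound, the function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print ipfw layer2 deny rules for a list of client MACs.
RULE_BASE=28900   # first rule number in the range the message uses
RULE_MAX=28999    # assumption: stay inside 289xx

# normalize_mac MAC: print the address as lowercase aa:bb:cc:dd:ee:ff.
# Returns 1 for malformed input and for group (multicast/broadcast) addresses.
normalize_mac() {
    mac=$(printf '%s' "$1" | tr 'A-F-' 'a-f:')
    case "$mac" in
        *[!0-9a-f:]*) return 1 ;;        # stray characters
        ?[13579bdf]*) return 1 ;;        # group bit set: not a client NIC
    esac
    # Exactly six groups of two hex digits.
    printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    printf '%s\n' "$mac"
}

# mac_block_rules MAC...: print one "ipfw add" command per unique valid MAC.
mac_block_rules() {
    n=$RULE_BASE
    seen=""
    for raw in "$@"; do
        if ! mac=$(normalize_mac "$raw"); then
            echo "skipping invalid MAC: $raw" >&2
            continue
        fi
        case " $seen " in *" $mac "*) continue ;; esac   # duplicate
        if [ "$n" -gt "$RULE_MAX" ]; then
            echo "rule range $RULE_BASE-$RULE_MAX exhausted" >&2
            return 1
        fi
        # "MAC any <mac>" = any destination MAC, this source MAC.
        echo "ipfw add $n deny ip from any to any MAC any $mac layer2"
        seen="$seen $mac"
        n=$((n + 1))
    done
    return 0
}

# Constructed sample addresses; pass real ones as arguments instead.
[ "$#" -gt 0 ] || set -- 00:0C:29:AA:BB:01 00-0c-29-aa-bb-02 00:0c:29:aa:bb:01 bad:mac
mac_block_rules "$@"
```

The script only prints the commands, so the output can be reviewed before it is entered. On FreeBSD, ipfw sees layer2 packets only when the sysctl `net.link.ether.ipfw` is 1.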