[ previous ] [ next ] [ threads ]
 From:  "Arturas Satkovskis" <arsatk at delfi dot lt>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] MAC filtering in firewall rules
 Date:  Wed, 19 May 2004 23:47:15 +0300
It of cause could be because m0n0wall is based on older version of FreeBSD
(did not dig into that yet)
Or could be I am mixing here something, but at least the man page of ipfw
says in the "RULE OPTIONS (MATCH PATTERNS" reads:

{ MAC | mac } dst-mac src-mac
	     Match packets with a given dst-mac and src-mac addresses,
	     fied as the any keyword (matching any MAC address), or six
	     of hex digits separated by colons, and optionally followed by a
	     mask indicating the significant bits.  The mask may be
	     using either of the following methods:

	     1.      A slash (/) followed by the number of significant bits.
		     For example, an address with 33 significant bits could
		     specified as:

			   MAC 10:20:30:40:50:60/33 any

	     2.      An ampersand (&) followed by a bitmask specified as six
		     groups of hex digits separated by colons.	For example,
		     an address in which the last 16 bits are significant
		     could be specified as:

			   MAC 10:20:30:40:50:60&00:00:00:00:ff:ff any

		     Note that the ampersand character has a special meaning
		     in many shells and should generally be escaped.

	     Note that the order of MAC addresses (destination first, source
	     second) is the same as on the wire, but the opposite of the one
	     used for IP addresses.

     mac-type mac-type
	     Matches packets whose Ethernet Type field corresponds to one of
	     those specified as argument.  mac-type is specified in the same
	     way as port numbers (i.e. one or more comma-separated single
	     ues or ranges).  You can use symbolic names for known values
	     as vlan, ipv4, ipv6.  Values can be entered as decimal or hexa-
	     decimal (if prefixed by 0x), and they are always printed as
	     decimal (unless the -N option is used, in which case symbolic
	     resolution will be attempted).

-----Original Message-----
From: Dinesh Nair [mailto:dinesh at alphaque dot com] 
Sent: 2004 m. geguþës 19 d. 12:06
To: Michal Harajda
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] MAC filtering in firewall rules

On Wed, 19 May 2004, Michal Harajda wrote:

> Its possible to add filtering by mac address to firewall rules ?

no, because ipfilter does not filter by mac addr.

Regards,                           /\_/\   "All dogs go to heaven."
dinesh at alphaque dot com                (0 0)    http://www.alphaque.com/
| for a in past present future; do                                        |
|   for b in clients employers associates relatives neighbours pets; do   |
|   echo "The opinions here in no way reflect the opinions of my $a $b."  |
| done; done                                                              |

To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch