It should be quite easy to do using the arp utility:
arp -f some.file
That file could be editable through the web interface, and one "apply" button
could issue the command "arp -f that.file"
Instigater
----- Original Message -----
From: "Martin Holst" <mail at martinh dot dk>
To: <arsatk at delfi dot lt>; <m0n0wall at lists dot m0n0 dot ch>
Sent: Thursday, May 20, 2004 1:32 AM
Subject: RE: [m0n0wall] MAC filtering in firewall rules
Hi Arturas!
The thing is that m0n0wall does not use ipfw for firewalling - it uses
ipfilter.
Ipfw is only used for the traffic shaper - in conjunction with dummynet.
(and now also for the captive portal project).
But there have been quite a few requests for MAC filtering - it's even in the
FAQ ;o)
/Martin
-----Original Message-----
From: Arturas Satkovskis [mailto:arsatk at delfi dot lt]
Sent: 19 May 2004 22:47
To: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] MAC filtering in firewall rules
It of course could be because m0n0wall is based on an older version of FreeBSD
(did not dig into that yet).
Or it could be that I am mixing something up here, but at least the man page of
ipfw, in "RULE OPTIONS (MATCH PATTERNS)", reads:
{ MAC | mac } dst-mac src-mac
        Match packets with a given dst-mac and src-mac addresses,
        specified as the any keyword (matching any MAC address), or six
        groups of hex digits separated by colons, and optionally followed
        by a mask indicating the significant bits. The mask may be
        specified using either of the following methods:

        1. A slash (/) followed by the number of significant bits.
           For example, an address with 33 significant bits could be
           specified as:

                MAC 10:20:30:40:50:60/33 any

        2. An ampersand (&) followed by a bitmask specified as six
           groups of hex digits separated by colons. For example,
           an address in which the last 16 bits are significant
           could be specified as:

                MAC 10:20:30:40:50:60&00:00:00:00:ff:ff any

           Note that the ampersand character has a special meaning
           in many shells and should generally be escaped.

        Note that the order of MAC addresses (destination first, source
        second) is the same as on the wire, but the opposite of the one
        used for IP addresses.

mac-type mac-type
        Matches packets whose Ethernet Type field corresponds to one of
        those specified as argument. mac-type is specified in the same
        way as port numbers (i.e. one or more comma-separated single
        values or ranges). You can use symbolic names for known values
        such as vlan, ipv4, ipv6. Values can be entered as decimal or
        hexadecimal (if prefixed by 0x), and they are always printed as
        hexadecimal (unless the -N option is used, in which case symbolic
        resolution will be attempted).
-----Original Message-----
From: Dinesh Nair [mailto:dinesh at alphaque dot com]
Sent: 19 May 2004 12:06
To: Michal Harajda
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] MAC filtering in firewall rules
On Wed, 19 May 2004, Michal Harajda wrote:
> Its possible to add filtering by mac address to firewall rules ?
no, because ipfilter does not filter by mac addr.
Regards, /\_/\ "All dogs go to heaven."
dinesh at alphaque dot com (0 0) http://www.alphaque.com/
+==========================----oOO--(_)--OOo----==========================+
| for a in past present future; do |
| for b in clients employers associates relatives neighbours pets; do |
| echo "The opinions here in no way reflect the opinions of my $a $b." |
| done; done |
+=========================================================================+
---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
---------------------------------------------------------------------