Hello list!
We have FreeBSD 6.2 machines with local subnets on the servers and would like to allow access to the internet only for workstations with exact IP/MAC pairs and deny access for not predefined pairs.
Is there a solution in firewall settings?
Thanks

Hi,

On 31 Jan 2008, at 18:30, Szemerédy Gábor wrote:
> Hello list!
> We have FreeBSD 6.2 machines with local subnets on the servers and
> would like to allow access to the internet only for workstations
> with exact IP/MAC pairs and deny access for not predefined pairs.
> Is there a solution in firewall settings?

In ipfw, something like:

    allow ip from <ip A> to any mac any <mac of ip A>
    allow ip from <ip B> to any mac any <mac of ip B>
    ...
    deny ip from any to any

Beware that MAC addresses are given in the order dest, src.

--
Bob Bishop          +44 (0)118 940 1243
rb@gid.co.uk    fax +44 (0)118 940 1295

Greetings,

Szemerédy Gábor wrote:
> Hello list!
> We have FreeBSD 6.2 machines with local subnets on the servers and
> would like to allow access to the internet only for workstations with
> exact IP/MAC pairs and deny access for not predefined pairs.
> Is there a solution in firewall settings?

man arp and look at options -s and -S.

> Thanks

--
Best Wishes,
Stefan Lambrev
ICQ# 24134177

On Thu, Jan 31, 2008 at 10:30:53AM -0800, Szemerédy Gábor wrote:
> We have FreeBSD 6.2 machines with local subnets on the servers and would
> like to allow access to the internet only for workstations with exact
> IP/MAC pairs and deny access for not predefined pairs.
> Is there a solution in firewall settings?

You need not any firewall for that. Just use "ifconfig em0 staticarp" to disable ARP table updates for interface em0 (replace em0 with your interface name) and load IP/MAC pairs into the ARP table with the "arp -f arps_em0" command, where the file named "arps_em0" contains those pairs:

    10.10.10.10 00:11:22:33:44:55
    10.10.10.11 00:11:22:33:44:56
    10.10.10.12 00:11:22:33:44:57

Eugene Grosbein
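
Added example, not part of any reply above: a POSIX sh function that checks a pairs file in the format shown for "arp -f" and prints (does not install) ipfw rules in the form given in the ipfw reply. The function names, the starting rule number 1000 and the step of 10 are assumptions of this example; note that ipfw only sees Ethernet headers when the sysctl net.link.ether.ipfw is set to 1.

```sh
#!/bin/sh
# Added example. Names, rule numbers and step are assumptions, not from the thread.

# The three pairs quoted in the staticarp reply, in "arp -f" file format.
sample_pairs() {
    cat <<'EOF'
10.10.10.10 00:11:22:33:44:55
10.10.10.11 00:11:22:33:44:56
10.10.10.12 00:11:22:33:44:57
EOF
}

# gen_rules FILE [FIRST_RULE]   (FILE may be "-" for stdin)
# Prints "ipfw add" lines for every pair, then the final deny.
# Prints no rules and returns 1 if a line is malformed or an IP repeats.
gen_rules() {
    awk -v n="${2:-1000}" '
    function bad(msg) { printf "line %d: %s\n", NR, msg > "/dev/stderr"; err = 1 }
    NF == 0 { next }                              # ignore blank lines
    NF != 2 { bad("expected: IP MAC"); next }
    {
        ip = $1; mac = tolower($2)
        ok = (split(ip, o, "[.]") == 4)
        for (i = 1; ok && i <= 4; i++)
            ok = (o[i] ~ /^[0-9][0-9]?[0-9]?$/ && o[i] + 0 <= 255)
        if (!ok) { bad("bad IP " ip); next }
        ok = (split(mac, h, ":") == 6)
        for (i = 1; ok && i <= 6; i++)
            ok = (h[i] ~ /^[0-9a-f][0-9a-f]$/)
        if (!ok) { bad("bad MAC " $2); next }
        if (ip in seen) { bad("IP listed twice: " ip); next }
        seen[ip] = 1
        # ipfw MAC option takes destination first, then source.
        out = out sprintf("ipfw add %d allow ip from %s to any MAC any %s\n", n, ip, mac)
        n += 10
    }
    END {
        if (err) exit 1
        printf "%s", out
        printf "ipfw add %d deny ip from any to any\n", n
    }' "$1"
}

# Review the output before feeding it to a shell on the gateway.
sample_pairs | gen_rules -
```

Because a single bad line suppresses all output, a typo in the pairs file cannot produce a partial rule set that ends in the deny rule.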