MAC locking and filtering in FreeBSD
Eugene Grosbein
eugen at kuzbass.ru
Thu May 14 03:25:15 UTC 2009
On Wed, May 13, 2009 at 10:48:02AM -0600, Brett Glass wrote:
> I need to find a way to do "MAC address locking" in FreeBSD -- that
> is, to ensure that only a machine with a particular MAC address can
> use a particular IP address. Unfortunately, it appears that rules
> in FreeBSD's IPFW are "stuck" on one layer: rules that look at
> Layer 2 information in a packet can't look at Layer 3, and vice
> versa. Is there a way to work around this to do MAC address locking
> and/or other functions that involve looking at Layer 2 and Layer 3
> simultaneously?
There is no need in advanced filtering rules for that.
Just use 'arp -f /path/to/IP-MAC-pairs' with 'ifconfig $iface staticarp'.
We use that for years since FreeBSD 2.2.x (before 4.x that required patches).
Eugene Grosbein
More information about the freebsd-net
mailing list