ipfw2 in 5.2.1
Chris Martin
outsidefactor at iinet.net.au
Tue Sep 7 09:40:22 PDT 2004
G'day.
>
> Hi - this is my first post to this list so go easy on me!
Welcome.
> I am trying to
> find info on using ipfw2 with FreeBSD 5.2.1 as I have read that it
> supports MAC address based firewalling.
The ipfw manpage has this to say:
     { MAC | mac } dst-mac src-mac
             Match packets with a given dst-mac and src-mac addresses,
             specified as the any keyword (matching any MAC address), or six
             groups of hex digits separated by colons, and optionally
             followed by a mask indicating the significant bits.  The mask
             may be specified using either of the following methods:

             1.  A slash (/) followed by the number of significant bits.
                 For example, an address with 33 significant bits could be
                 specified as:

                       MAC 10:20:30:40:50:60/33 any

             2.  An ampersand (&) followed by a bitmask specified as six
                 groups of hex digits separated by colons.  For example,
                 an address in which the last 16 bits are significant
                 could be specified as:

                       MAC 10:20:30:40:50:60&00:00:00:00:ff:ff any

                 Note that the ampersand character has a special meaning
                 in many shells and should generally be escaped.

             Note that the order of MAC addresses (destination first, source
             second) is the same as on the wire, but the opposite of the one
             used for IP addresses.
e.g.:
00500 0 0 allow ip from any to any MAC 00:30:4f:27:0e:1a any via ath1
00501 0 0 allow ip from any to any MAC any 00:30:4f:27:0e:1a via ath1
> I cannot find a lot of info on Google on compiling the kernel for ipfw2,
> and there is no man page for ipfw2, only ipfw.
If you compile ipfw on 5.x it is ipfw2.
In the ipfw manpage:
     NOTE: this manual page documents the newer version of ipfw introduced
     in FreeBSD CURRENT in July 2002, also known as ipfw2.  ipfw2 is a
     superset of the old firewall, ipfw1.  The differences between the two
     are listed in Section IPFW2 ENHANCEMENTS, which you are encouraged to
     read to revise older rulesets and possibly write them more efficiently.
     See Section USING IPFW2 IN FreeBSD-STABLE for instructions on how to
     run ipfw2 on FreeBSD STABLE.
This is a good start:
http://www.au.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
This is an OK set of more advanced rules (though they assume you have static
addresses):
http://www.acme.com/firewall.html
Hope that helps!
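
The mask syntax quoted from the ipfw manpage above, worked through as an added example that is not part of the original post or of ipfw itself: a small Python checker that parses one MAC operand (any, exact, /bits or &mask) and tests whether a given address would match, so a mask can be sanity-checked before the rule is loaded. The function names are hypothetical, and it assumes the /bits form counts leading bits, as a CIDR prefix does.

```python
import re

_MAC_RE = re.compile(r"^[0-9a-fA-F]{1,2}(:[0-9a-fA-F]{1,2}){5}$")
FULL_MASK = (1 << 48) - 1  # all 48 bits significant


def mac_to_int(text):
    """Convert six colon-separated hex groups to a 48-bit integer."""
    if not _MAC_RE.match(text):
        raise ValueError(f"not a MAC address: {text!r}")
    value = 0
    for group in text.split(":"):
        value = (value << 8) | int(group, 16)
    return value


def parse_mac_spec(spec):
    """Return (address, mask) as 48-bit ints for one MAC operand.

    Accepts 'any', a plain address, 'addr/bits' or 'addr&mask'.
    Assumption: '/bits' marks the leading bits as significant.
    """
    if spec == "any":
        return 0, 0  # zero mask: every address matches
    if "/" in spec:
        addr, bits = spec.split("/", 1)
        if not bits.isdigit() or int(bits) > 48:
            raise ValueError(f"bad bit count in {spec!r}")
        mask = (FULL_MASK << (48 - int(bits))) & FULL_MASK
    elif "&" in spec:
        addr, mask_text = spec.split("&", 1)
        mask = mac_to_int(mask_text)
    else:
        addr, mask = spec, FULL_MASK
    # Pre-mask the address so insignificant bits never affect the comparison.
    return mac_to_int(addr) & mask, mask


def mac_matches(spec, mac):
    """True if `mac` matches the operand `spec` under its mask."""
    addr, mask = parse_mac_spec(spec)
    return (mac_to_int(mac) & mask) == addr


if __name__ == "__main__":
    # Constructed sample addresses checked against the manpage's two examples.
    for spec, mac in [("10:20:30:40:50:60/33", "10:20:30:40:7f:ff"),
                      ("10:20:30:40:50:60&00:00:00:00:ff:ff", "aa:bb:cc:dd:50:60")]:
        print(spec, mac, mac_matches(spec, mac))
```

On the command line the & form still has to be quoted or escaped, as the manpage notes.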