[FUG-BR] pf e MAC (?)

Nilton Jose Rizzo rizzo em i805.com.br
Quinta Julho 19 12:54:24 BRT 2007 

On Thu, 19 Jul 2007 11:59:06 -0300, Márcio Luciano Donada wrote
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Márcio Luciano Donada escreveu:
> > Pessoal, Estive dando uma olhada no histórico e encontrei alguma
> > coisa, [1] sobre o pf e MAC. Tem alguém que usa algo parecido?
> > Funciona perfeitamente em sub-redes? Alguém pode dar algum tipo de
> > comentário sobre o assunto?
> >
> > [1].
> > http://www.fug.com.br/historico/html/freebsd/2005-10/msg00010.html
> >
> > Obrigado,
> >
> >
> 
> Simplificando a pergunta, é possível filtrar MAC no ipfw2 em su     { MAC | 
b-redes?


do man ipfw

     { MAC | mac } dst-mac src-mac
             Match packets with a given dst-mac and src-mac addresses, speci-
             fied as the any keyword (matching any MAC address), or six groups
             of hex digits separated by colons, and optionally followed by a
             mask indicating the significant bits.  The mask may be specified
             using either of the following methods:

             1.      A slash (/) followed by the number of significant bits.
                     For example, an address with 33 significant bits could be
                     specified as:

                           MAC 10:20:30:40:50:60/33 any

             2.      An ampersand (&) followed by a bitmask specified as six
                     groups of hex digits separated by colons.  For example,
                     an address in which the last 16 bits are significant
                     could be specified as:

                           MAC 10:20:30:40:50:60&00:00:00:00:ff:ff any

                     Note that the ampersand character has a special meaning
                     in many shells and should generally be escaped.

     ipfw add 250 allow all from 192.168.11.9 to any MAC any 00:80:C8:B7:2F:F4 

veja + no historico ... procure por layer2


http://www.fug.com.br/historico/cgi-bin/namazu.cgi?query=layer2&submit=Search%21&idxname=freebsd&max=20&result=normal&sort=score
http://www.fug.com.br/historico/html/freebsd/2005-02/msg00274.html



> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (MingW32)
> 
> iD8DBQFGn3w6bjyCr4Ixg0wRAtq3AJ4gg1Y5njrb8lpk7dgXYJFGcvGllgCfaIRS
> tVaCn7bTJQ5ZLAdRH9Aiv8k=
> =iNiX
> -----END PGP SIGNATURE-----
> 
> -------------------------
> Histórico: http://www.fug.com.br/historico/html/freebsd/
> Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd


-- 
Nilton José Rizzo 
805 Informatica 
Disseminado tecnologias 
021 2413 9786

Mais detalhes sobre a lista de discussão freebsd