On Jun 10, 2007, at 6:13 PM, Barrett Hartman wrote:
Hello All,
I am trying to create a rule in IPFW that will match on a MAC
address. The system is running 10.4.9. According to the IPFW man
page the rule should look something like "ipfw add allow MAC any
<mac address> in" to allow any IP traffic from a specific MAC
address. However when I add that to the FW ruleset no traffic is
being matched to the rule. If I set the rule to log traffic from
that IP it is not logged. Just to make sure it was not being
matched to an earlier rule I set it to be the first in the list. I
have confirmed that the MAC address is connecting to and passing
traffic to the host using tcpdump. In BSD you need to have the
sysctl variable net.link.ether.ipfw set to 1 for layer 2 checks in
IPFW. I didn't see an equivalent sysctl variable in OS X. While I
am sure I am just missing something I can't figure out what it is.
Any help is greatly appreciated!
Thanks!
- Barrett

Hi,
Though the ipfw man page does clearly state that MAC based filtering
should work, this would not be the first time that the ipfw man page
documents features that are absent from Mac OS X's ipfw :) Given that
the sysctl variable doesn't exist at all, I'd say your chances of
getting this to work are slim. I'd file a bug at
http://bugreporter.apple.com demonstrating that you can follow the steps
documented in the man page to make it work, and it doesn't work.
In the meantime, it might be good to investigate static DHCP. If a
given machine always gets the same IP address, then you can use
regular ol' layer 3 ipfw rules to do your bidding.
-Andre
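
The static DHCP workaround suggested above, sketched as an added example that is not part of the original thread: it turns a table of DHCP reservations into layer 3 ipfw rules and rejects malformed addresses. The reservation table, rule numbers and function names are constructed for illustration; the resulting rules match the IP address only, so they are as trustworthy as the DHCP binding and not a true MAC match.

```shell
#!/bin/sh
# Constructed sample: static DHCP reservations, one "MAC IP" pair per line.
# All addresses below are made up for illustration.
SAMPLE_LEASES='# mac               ip
00:16:cb:aa:bb:01 192.168.1.10
00:16:cb:aa:bb:02 192.168.1.11
00:16:cb:aa:bb:03 not-an-ip
00:16:cb:aa:bb:04 192.168.1.300'

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# leases_to_ipfw START: read "MAC IP" lines on stdin and print one layer 3
# allow rule per valid reservation, numbered from START in steps of 10.
# The MAC appears only as a trailing comment for the operator; the rule
# itself matches on the IP address.
leases_to_ipfw() {
    num=$1
    while read -r mac ip rest; do
        case "$mac" in ''|'#'*) continue ;; esac
        if valid_ipv4 "$ip"; then
            echo "ipfw add $num allow log ip from $ip to any in  # $mac"
            num=$((num + 10))
        else
            echo "skipped $mac: bad address '$ip'" >&2
        fi
    done
}

# Print the rules for review; nothing is loaded into the firewall here.
printf '%s\n' "$SAMPLE_LEASES" | leases_to_ipfw 1000
```
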