7

The title is self-explanatory.

I want to create rules in pf running on OpenBSD 4.9 for a particular MAC address, something like

pass in on eth0 from mac 00:04:34:5f:34:33 to mac 34:32:34:06:5e:22

I have read this, but it doesn't help!!

2 Answers

2

If I remember well, you can't. You can only filter mac address when you do it on a bridge if

2

As mandrake pointed out, you can't filter by MAC address directly in PF (it's an IP packet filter, it knows not of this "ethernet" thing).

What you CAN do, if your system is acting as a bridge, is tag packets based on MAC address, and then filter based on the tag.

From the pf FAQ:

Tagging Ethernet Frames

Tagging can be performed at the Ethernet level if the machine doing the tagging/filtering is also acting as a bridge(4). By creating bridge(4) filter rules that use the tag keyword, PF can be made to filter based on the source or destination MAC address. Bridge(4) rules are created using the ifconfig(8) command.
Example:

# ifconfig bridge0 rule pass in on fxp0 src 0:de:ad:be:ef:0 tag USER1

And then in pf.conf:

pass in on fxp0 tagged USER1

voretaq7
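The tag-then-filter approach from the answer above, as an added example that is not part of the original answer or the pf FAQ: a script that turns a MAC allowlist into bridge(4) tagging rules and the matching pf.conf lines. It goes beyond the FAQ's single `src` rule by also emitting `dst`, which the ifconfig(8) bridge rule syntax accepts; the bridge name `bridge0`, the allowlist format and the function names are assumptions.

```shell
#!/bin/sh
# Added example: prints the commands and pf.conf lines; nothing is applied.
BRIDGE=bridge0   # assumption: name of the bridge interface
IFACE=fxp0       # member interface, as in the FAQ excerpt

# Six colon-separated groups of 1-2 hex digits (short forms like 0:de:... allowed).
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{1,2}:){5}[0-9A-Fa-f]{1,2}$'
}

# Tag names end up in pf.conf, so restrict them to a safe character set.
valid_tag() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z][A-Za-z0-9_]{0,31}$'
}

# stdin:  lines of "<src-mac> <dst-mac|any> <tag>"; '#' starts a comment.
# stdout: ifconfig bridge rules, then pf.conf rules. Returns 1 on bad input.
gen_rules() {
    tags="" rc=0
    while read -r src dst tag rest; do
        case "$src" in ''|'#'*) continue ;; esac
        if ! valid_mac "$src" || ! valid_tag "$tag" || [ -n "$rest" ]; then
            echo "skipping invalid entry: $src $dst $tag" >&2; rc=1; continue
        fi
        rule="ifconfig $BRIDGE rule pass in on $IFACE src $src"
        if [ "$dst" != any ]; then
            valid_mac "$dst" || { echo "bad dst MAC: $dst" >&2; rc=1; continue; }
            rule="$rule dst $dst"
        fi
        echo "$rule tag $tag"
        # Remember each tag once so pf.conf gets one pass rule per tag.
        case " $tags " in *" $tag "*) ;; *) tags="$tags $tag" ;; esac
    done
    echo "# pf.conf"
    echo "block in on $IFACE"          # default deny; last matching rule wins
    for t in $tags; do echo "pass in on $IFACE tagged $t"; done
    return $rc
}

# Constructed sample allowlist (first entry uses the MACs from the question).
gen_rules <<'EOF'
00:04:34:5f:34:33 34:32:34:06:5e:22 USER1
0:de:ad:be:ef:0   any               USER2
EOF
```

MAC addresses are set by the sender, so these tags classify traffic rather than authenticate it.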