OpenBSD pf with mac address firewalling - BSD

  1. OpenBSD pf with mac address firewalling

    Hi,
    I am wanting to migrate away from my iptables linux bridging firewall and
    move to openbsd and pf. Currently I have a firewall that blocks all
    machines by mac address that are not in dhcpd.conf. I would like to have
    this working on the new openbsd system that I am building but not sure how
    to block / accept by mac address in pf or should I do this at the bridge
    level?

    In iptables I do this using

    Declare variable:
    MACS_REGISTERED_OUTBOUND=`cat /etc/iptables/registered | awk '{print $1}'`

    this module is needed: modprobe ipt_mac

    $IPTABLES -A BRIDGE-INT -m mac --mac-source $MAC -j ACCEPT

    Does anyone know how to do this with pf on openbsd?

    many thanks



    *************************************
    This email has been sent to you.

  2. Re: OpenBSD pf with mac address firewalling

    On Thu, 05 Oct 2006 21:21:59 +0100, Khalid Schofield wrote:

    > ...I would like to have
    > this working on the new openbsd system that I am building but not sure how
    > to block / accept by mac address in pf or should I do this at the bridge
    > level?


    MAC address filtering is not available via pf, only via brconfig's
    filtering tool.


    --
    --------
    E-mail will only get through if you use my first name before the @


  3. Re: OpenBSD pf with mac address firewalling

    Ah ok
    Many thanks for this info. Saved a lot of digging on google.

    I'm off to read the manual for brconfig in depth. Out of interest do you
    know what's needed (example line of code please if possible) to do mac
    filtering?


    On Thu, 5 Oct 2006, Josh Grosse wrote:

    > On Thu, 05 Oct 2006 21:21:59 +0100, Khalid Schofield wrote:
    >
    >> ...I would like to have
    >> this working on the new openbsd system that I am building but not sure how
    >> to block / accept by mac address in pf or should I do this at the bridge
    >> level?

    >
    > MAC address filtering is not available via pf, only via brconfig's
    > filtering tool.
    >
    >
    > --
    > --------
    > E-mail will only get through if you use my first name before the @
    >
    >


  4. Re: OpenBSD pf with mac address firewalling

    On Fri, 6 Oct 2006 06:52:01 +0100, Khalid Schofield wrote:

    >Ah ok
    >Many thanks for this info. Saved a lot of digging on google.
    >
    >I'm off to read the manual for brconfig in depth. Out of interest do you
    >know what's needed (example line of code please if possible) to do mac
    >filtering?
    >


    Use tags,

    http://www.openbsd.org/faq/pf/tagging.html





    greg
    --
    "Hello, 911? It's Quagmire. Yeah... it's in a window this time."

  5. Re: OpenBSD pf with mac address firewalling

    On Fri, 06 Oct 2006 07:52:01 +0100, Khalid Schofield wrote:

    > Ah ok
    > Many thanks for this info. Saved a lot of digging on google.
    >
    > I'm off to read the manual for brconfig in depth. Out of interest do you
    > know what's needed (example line of code please if possible) to do mac
    > filtering?


    There are several examples of MAC filtering in the brconfig(8) man page --
    the "3rd synopsis" shows the syntax.

    --
    --------
    E-mail will only get through if you use my first name before the @
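
The following is an added example, not part of the original thread or of any poster's code. It sketches the brconfig(8) rule syntax that replies 4 and 5 point to, generating an allow-list from a file of registered MACs. The bridge name bridge0, the interface fxp0, the tag REGISTERED and the file layout (MAC in the first column) are assumptions.

```shell
#!/bin/sh
# Added example: print brconfig(8) MAC filter rules from a list of registered MACs.
# Commands are printed, not executed, so they can be reviewed before use.

# is_mac ADDR: true only for six colon-separated hex octets (1-2 digits each).
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{1,2}:){5}[0-9A-Fa-f]{1,2}$'
}

# gen_bridge_rules BRIDGE IFACE FILE [TAG]
# FILE holds one MAC in the first column per line (assumed layout); lines
# starting with '#' and blank lines are skipped, duplicates are collapsed.
gen_bridge_rules() {
    bridge=$1; iface=$2; file=$3; tag=${4:-}
    # Start from a clean rule list so reruns do not stack old entries.
    echo "brconfig $bridge flushrule $iface"
    awk 'NF && $1 !~ /^#/ { print tolower($1) }' "$file" | sort -u |
    while read -r mac; do
        if is_mac "$mac"; then
            # With a tag, pf.conf can match the frame later: "tagged <TAG>".
            echo "brconfig $bridge rule pass in on $iface src $mac${tag:+ tag $tag}"
        else
            echo "skipping malformed entry: $mac" >&2
        fi
    done
    # The first matching rule wins and unmatched frames are passed, so the
    # list must end with an explicit block for everything not registered.
    echo "brconfig $bridge rule block in on $iface"
}

# Constructed sample input; bridge0, fxp0 and REGISTERED are assumed names.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# MAC               owner
00:11:22:33:44:55   laptop
00:11:22:33:44:55   laptop-duplicate
0:DE:AD:BE:EF:0     printer
not-a-mac           typo
EOF
gen_bridge_rules bridge0 fxp0 "$sample" REGISTERED
rm -f "$sample"
```

A source MAC is chosen by the sending host, so this rule set keeps unregistered machines out by default but does not authenticate a registered one.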

