ipfw: add dst-mac/src-mac shorthands to do filtering based on source/destination MAC.
This is similar to the ipfw mac command, but assumes the other side is any.
Submitted by: Neel Chauhan <neel AT neelc DOT org>
Differential D24192
ipfw: add dst-mac/src-mac shorthands to do filtering based on source/destination MAC nc on Mar 26 2020, 2:06 AM. Authored by Tags Referenced Files
Details ipfw: add dst-mac/src-mac shorthands to do filtering based on source/destination MAC. This is similar to the ipfw mac command, but assumes the other side is any. Submitted by: Neel Chauhan <neel AT neelc DOT org> Look at the command example. # sysctl net.link.ether.ipfw=1 net.link.ether.ipfw: 0 -> 1 # ipfw add 2000 deny dst-mac 00:01:02:03:04:05 02000 deny MAC any 00:01:02:03:04:05 root@spectre:/home/neel # ping 1.1.1.1 ... 1 packets transmitted, 0 packets received, 100.0% packet loss # ipfw del 2000 ipfw: DEPRECATED: 'del' matched 'delete' as a sub-string # ping 1.1.1.1 ... 1 packets transmitted, 1 packets received, 0.0% packet loss ... # No unit test is given, for the reason that they caused a kernel panic from IPFW Layer 2 and vnet jails.
Diff Detail
Event Timeline |