
The title is self explanatory.

I want to create rules in pf running on OpenBSD 4.9 for a particular MAC address, something like

pass in on eth0 from mac 00:04:34:5f:34:33 to mac 34:32:34:06:5e:22

I have read this, but it doesn't help!!

Vineet Menon

2 Answers

If I remember well, you can't. You can only filter MAC addresses when you do it on a bridge if

mandrake73

As mandrake pointed out you can't filter by MAC address directly in PF (it's an IP packet filter, it knows not of this "ethernet" thing).

What you CAN do, if your system is acting as a bridge, is tag packets based on MAC address, and then filter based on the tag.

From the pf FAQ:

Tagging Ethernet Frames

Tagging can be performed at the Ethernet level if the machine doing the tagging/filtering is also acting as a bridge(4). By creating bridge(4) filter rules that use the tag keyword, PF can be made to filter based on the source or destination MAC address. Bridge(4) rules are created using the ifconfig(8) command.
Example:

# ifconfig bridge0 rule pass in on fxp0 src 0:de:ad:be:ef:0 tag USER1

And then in pf.conf:

pass in on fxp0 tagged USER1

voretaq7
  • As I mentioned in the question, I have read that page... but why should my machine act as a bridge?? Can't I use ifconfig to tag frames from a particular machine (MAC) and then use the tagged packet for pf?? Why is being a bridge such a necessity? – Vineet Menon Jul 09 '12 at 17:52
  • @VineetMenon "Because that's how it works" -- tagging is a facility provided by [bridge(4)](http://resin.csoft.net/cgi-bin/man.cgi?section=4&topic=bridge) interfaces. As far as I'm aware there's no way to tag (by MAC address) without involving a bridge. The assumption is that you are building a firewall, which is a fancy packet-filtering bridge between `inside` and `outside` interfaces. – voretaq7 Jul 09 '12 at 18:58
  • Actually, I am using OpenBSD as a fw, but haven't created a bridge, rather have set packet forwarding to 1 in `/etc/sysctl`. Does issuing that command produce a bridge internally?? Can you refer me to some nice references where I can read about it? – Vineet Menon Jul 10 '12 at 04:44
  • @VineetMenon http://www.openbsd.org/faq/pf/ is the canonical reference for ALL things `pf`-related. I didn't write it, but everything I know is in there. – voretaq7 Jul 10 '12 at 05:04
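The bridge(4)-plus-pf approach from the accepted answer, applied to the MAC addresses in the question, as an added example that is not part of the original thread. It assumes em0 is the LAN-side interface and em1 the WAN-side one (neither is named on the page), and stages the generated `hostname.bridge0` and `pf.conf` under a scratch directory instead of writing to `/etc`:

```shell
#!/bin/sh
# Added example (not from the original post): generate the bridge(4) rules
# and the pf.conf fragment that implement "pass only frames from this MAC".
# Assumptions (not on the page): em0 is the LAN side, em1 the WAN side, and
# output is staged under $OUT for review before being copied to /etc.
set -eu

SRC_MAC="00:04:34:5f:34:33"   # source MAC from the question
DST_MAC="34:32:34:06:5e:22"   # destination MAC from the question
IN_IF="em0"                   # assumed LAN-side bridge member
OUT_IF="em1"                  # assumed WAN-side bridge member
OUT="${1:-./staged-etc}"      # assumed staging directory

# Reject anything that is not six colon-separated hex octets, so a typo
# cannot silently turn the "pass only this host" rule into a no-op.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2}$'
}

# hostname.bridge0: each line is passed to ifconfig bridge0 at boot. The bridge
# tags frames from SRC_MAC to DST_MAC and drops every other frame arriving on
# IN_IF, so pf only ever sees the tagged traffic. Both members need "up" in
# their own hostname.if files (not shown).
bridge_conf() {
    cat <<EOF
add $IN_IF
add $OUT_IF
rule pass in on $IN_IF src $SRC_MAC dst $DST_MAC tag ALLOWED_HOST
rule block in on $IN_IF
up
EOF
}

# pf.conf: the bridge can only tag, so the IP-level policy lives here and
# keys on the tag rather than on a MAC address.
pf_conf() {
    cat <<EOF
set skip on lo
block all
pass in on $IN_IF tagged ALLOWED_HOST
pass out on $OUT_IF
EOF
}

main() {
    valid_mac "$SRC_MAC" && valid_mac "$DST_MAC" || { echo "bad MAC" >&2; return 1; }
    mkdir -p "$OUT"
    bridge_conf > "$OUT/hostname.bridge0"
    pf_conf > "$OUT/pf.conf"
}
main "$@"
```

After copying the staged files into `/etc`, `sh /etc/netstart bridge0` and `pfctl -nf /etc/pf.conf` (syntax check only) are the usual way to bring the bridge up and validate the ruleset.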