Solved Why Incorrect MAC address?

FreeBSD 11.0 p7

Code:
ipfw add deny all from any to any  MAC src-mac 30:52:CB:D6:D6:85 mac-type ipv4
ipfw: Incorrect MAC address


Code:
ipfw add deny all from any to any  MAC src-mac 30:52:CB:D6:D6:85 mac-type 0x0800
ipfw: Incorrect MAC address
 
{ MAC | mac } dst-mac src-mac
Match packets with a given dst-mac and src-mac addresses, specified
as the any keyword (matching any MAC address), or six groups
of hex digits separated by colons, and optionally followed by a
mask indicating the significant bits. The mask may be specified
using either of the following methods:

1. A slash (/) followed by the number of significant bits.
For example, an address with 33 significant bits could be
specified as:

MAC 10:20:30:40:50:60/33 any

2. An ampersand (&) followed by a bitmask specified as six
groups of hex digits separated by colons. For example,
an address in which the last 16 bits are significant
could be specified as:

MAC 10:20:30:40:50:60&00:00:00:00:ff:ff any

Note that the ampersand character has a special meaning
in many shells and should generally be escaped.

Note that the order of MAC addresses (destination first, source
second) is the same as on the wire, but the opposite of the one
used for IP addresses.

I'm no good at reading documentation (examples are worth 1000 words) but I don't see any reference to src-mac or dst-mac as keywords.
It looks like it should just be mac [dst] [src], so in your case something like mac any 30:52:CB:D6:D6:85.

Edit: Managed to get the source and destination round the wrong way in my example. dst src seems backwards to me...
 
Code:
ipfw add 1001 allow ip from any to any mac any 30:52:CB:D6:D6:85 mac-type ipv4

Like usdmatt says, following the mac keyword is the destination mac followed by the source mac. In my example only that fixed mac can talk to any mac.
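
The operand syntax quoted from the man page above, worked through as an added example (not code from this thread or from ipfw itself). It is a simplified Python model of `mac dst src` matching: the function names are hypothetical, the sample frames are constructed, and accepting one- or two-digit hex groups is an assumption.

```python
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{1,2}(:[0-9A-Fa-f]{1,2}){5}$")
FULL_MASK = (1 << 48) - 1

def mac_to_int(text):
    """Convert six colon-separated hex groups to a 48-bit integer."""
    if not MAC_RE.match(text):
        raise ValueError(f"Incorrect MAC address: {text!r}")
    value = 0
    for group in text.split(":"):
        value = (value << 8) | int(group, 16)
    return value

def parse_mac_spec(spec):
    """Return (address, mask) for one operand following the mac keyword."""
    if spec == "any":
        return 0, 0                          # zero mask: every address matches
    if "/" in spec:                          # slash form: number of significant bits
        addr, bits = spec.split("/", 1)
        if not bits.isdigit() or int(bits) > 48:
            raise ValueError(f"Incorrect mask length: {bits!r}")
        mask = FULL_MASK & ~((1 << (48 - int(bits))) - 1)
    elif "&" in spec:                        # ampersand form: explicit bitmask
        addr, mask_text = spec.split("&", 1)
        mask = mac_to_int(mask_text)
    else:
        addr, mask = spec, FULL_MASK
    return mac_to_int(addr) & mask, mask

def mac_matches(spec, observed):
    """True if the observed address matches the operand under its mask."""
    addr, mask = parse_mac_spec(spec)
    return (mac_to_int(observed) & mask) == addr

def rule_matches(dst_spec, src_spec, frame_dst, frame_src):
    """Operands are in wire order: destination first, source second."""
    return mac_matches(dst_spec, frame_dst) and mac_matches(src_spec, frame_src)

if __name__ == "__main__":
    # Constructed frame: broadcast sent by the host from the thread.
    dst, src = "ff:ff:ff:ff:ff:ff", "30:52:cb:d6:d6:85"
    print(rule_matches("any", "30:52:CB:D6:D6:85", dst, src))   # source pinned
    print(rule_matches("30:52:CB:D6:D6:85", "any", dst, src))   # operands swapped
    try:
        parse_mac_spec("src-mac")            # first token after MAC in the question
    except ValueError as err:
        print(err)
```

In this model the token `src-mac` lands in the destination operand position and is rejected as an address, and swapping the two operands silently changes which side of the frame the rule pins.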
 