filtering based on MAC address

j4ck

• May 6, 2013

• #1

Hi guys

Using IPFW we can filter traffic based on MAC address. As far as I know it is not possible to do such filtering via PF, since it's an IP filter and does not know anything about layer 2 issues. Is there any way to do so in PF besides using bridge?

 

D

Dies_Irae

• May 6, 2013

• #2

Without using bridge(4), no. As you said, pf(4) works at the network layer, while the MAC address is in the (lower) data link layer.

 

OP

j4ck

• May 6, 2013

• Thread Starter
• #3

Should the system act as a bridge in order to do the tagging or is it (bridge) just used to do the tagging regardless of the system rule?

 

Q

Quip

• May 7, 2013

• #4

Are you sure FreeBSD can do tagging with bridge? I know it is possible on OpenBSD but I didn't found it on FreeBSD.

 

OP

j4ck

• May 8, 2013

• Thread Starter
• #5

Are there any patches which enable layer 2 filtering in PF or something?