Subject: Re: IPF and MAC filtering
To: Jean-Edouard Babin <radius@gmail.com>
From: Steven M. Bellovin <smb@research.att.com>
List: tech-net
Date: 10/28/2004 09:11:34
In message <ad9c0c030410280604eafaf4c@mail.gmail.com>, Jean-Edouard Babin writes:
>Hello,
>
>I have a router running NetBSD with 3 Ethernet interfaces (sip0 ..
>sip2), one used for the Internet connection, one for the wired network and
>the last for the wireless network (with an 802.11g bridge).
>Currently I use a quite simple ipf configuration; I allow fewer things
>to people that come from the wireless interface than people coming
>from the wired one.
>Today wireless networks are more secure, so I would like to allow more
>things, but only for some people on this network. I can't make rules
>by IP because the network uses DHCP, so the only solution I see is to
>make rules by MAC address, and ipf doesn't seem to handle MAC addresses.
>I was thinking of making a virtual interface, and associating MAC addresses
>with this virtual interface, and allowing more things for this interface,
>but I didn't find a way to do this because the NetBSD vlan interface
>doesn't associate a vlan with a MAC address,
>so I'm looking for a great idea :)

Are you running dhcpd?  If so, you can use it to map certain MAC 
addresses to fixed IP addresses; then you can use the IP addresses for 
filtering.

		--Steve Bellovin, http://www.research.att.com/~smb
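
The approach suggested in the reply above, as an added example that is not part of the original thread: one table of trusted wireless clients is turned into both ISC dhcpd `host` declarations and the matching ipf `pass` rules, so the two files cannot drift apart. The interface choice (`sip2` as the wireless side), the subnet, the dynamic range, the host names and the MAC addresses are all constructed assumptions.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

# Constructed sample data: host name -> (MAC address, reserved IP).
TRUSTED = {
    "laptop-a": ("00:11:22:33:44:55", "192.168.2.10"),
    "laptop-b": ("00:11:22:33:44:66", "192.168.2.11"),
}
WIFI_IF = "sip2"                                    # assumed wireless interface
WIFI_NET = ipaddress.ip_network("192.168.2.0/24")   # assumed wireless subnet
POOL = (ipaddress.ip_address("192.168.2.100"),      # assumed dynamic range
        ipaddress.ip_address("192.168.2.200"))


def validate(hosts, net=WIFI_NET, pool=POOL):
    """Reject bad MACs, duplicates, and reserved IPs a dynamic lease could reuse."""
    seen = set()
    for name, (mac, ip) in hosts.items():
        mac, addr = mac.lower(), ipaddress.ip_address(ip)
        if not MAC_RE.match(mac):
            raise ValueError(f"{name}: malformed MAC {mac!r}")
        if addr not in net:
            raise ValueError(f"{name}: {addr} is outside {net}")
        if pool[0] <= addr <= pool[1]:
            # A privileged address inside the dynamic range could be
            # leased to an unknown client, which would inherit the rule.
            raise ValueError(f"{name}: {addr} overlaps the dynamic pool")
        if mac in seen or addr in seen:
            raise ValueError(f"{name}: duplicate MAC or IP")
        seen.update((mac, addr))


def dhcpd_hosts(hosts):
    """Return dhcpd.conf host declarations pinning each MAC to its IP."""
    validate(hosts)
    return "\n".join(
        f"host {n} {{\n  hardware ethernet {m.lower()};\n  fixed-address {ip};\n}}"
        for n, (m, ip) in sorted(hosts.items()))


def ipf_rules(hosts, ifname=WIFI_IF):
    """Return ipf rules granting the reserved addresses wider access."""
    validate(hosts)
    return "\n".join(
        f"pass in quick on {ifname} from {ip}/32 to any keep state"
        for _, (_, ip) in sorted(hosts.items()))


if __name__ == "__main__":
    print(dhcpd_hosts(TRUSTED))
    print(ipf_rules(TRUSTED))
```

The generated `pass in quick` lines belong ahead of the more restrictive rules for the wireless interface. The filter then trusts the source address alone, so the result is only as strong as the wireless link's own authentication.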