Subject: Re: MAC address based filtering
To: TiTi <titi@poulpy.com>
From: Mipam <mipam@ibb.net>
List: tech-net
Date: 01/16/2003 15:36:38
On Thu, Jan 16, 2003 at 01:21:48PM +0100, TiTi wrote:
> Hi all.
> 
> I'm wondering if there is a way to filter network packets 
> based on their MAC address... ?

Well, I didn't exactly filter, but what I did in my DMZ was this:
I edited

src/sys/netinet/if_arp.c

and went to arplookup()
in there is: rt = rtalloc1.....
and replaced it with rt = 0;  :-)

Then I recompiled the kernel source.
After a reboot I inserted static entries in the ARP table.
As a result, new entries couldn't be learned anymore.
So, a kind of static ARP table, very useful for my DMZ :-)
Because I know exactly which machines are in the DMZ
and how many interfaces they have and their MACs, I don't need
any crazy stuff like ARP spoofing, might anyone be able to crack
a machine in there. Okay, this is not nicely done, but it worked fine for me.
It's also not really MAC filtering, but it was a solution for me at the time.
Bye,

Mipam.
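
An added example, not part of the original message and not NetBSD code: a small audit that compares an ARP table dump against the known IP-to-MAC inventory that a static table like the one described above relies on. The inventory, the addresses, the interface name and the `arp -an`-style line layout (including the "permanent" marker for static entries) are constructed assumptions.

```python
import re

# Constructed inventory for a hypothetical DMZ: IP -> expected MAC.
INVENTORY = {
    "192.0.2.10": "00:a0:c9:12:34:56",
    "192.0.2.11": "00:10:5a:0b:0c:0d",
    "192.0.2.12": "08:00:20:aa:bb:cc",
    "192.0.2.14": "00:10:5a:0b:0c:0e",
}

# Constructed sample, laid out like BSD `arp -an` output (assumed format).
SAMPLE = """\
? (192.0.2.10) at 0:a0:c9:12:34:56 on fxp0 permanent [ethernet]
? (192.0.2.11) at 00:10:5a:de:ad:01 on fxp0 permanent [ethernet]
? (192.0.2.12) at 08:00:20:aa:bb:cc on fxp0 [ethernet]
? (192.0.2.99) at 00:50:56:01:02:03 on fxp0 [ethernet]
? (192.0.2.13) at (incomplete) on fxp0 [ethernet]
"""

LINE = re.compile(r"\((?P<ip>[\d.]+)\)\s+at\s+(?P<mac>\S+)(?P<rest>.*)")

def norm_mac(mac):
    """Lowercase and zero-pad each octet (arp may print 0:a0:...); None if not a MAC."""
    parts = mac.lower().split(":")
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9a-f]{1,2}", p) for p in parts):
        return None
    return ":".join(p.zfill(2) for p in parts)

def audit(arp_output, inventory):
    """Return (finding, ip, mac) tuples for every deviation from the inventory."""
    findings, seen = [], set()
    for line in arp_output.splitlines():
        m = LINE.search(line)
        mac = norm_mac(m["mac"]) if m else None
        if mac is None:            # unparsable line or "(incomplete)" entry
            continue
        ip = m["ip"]
        seen.add(ip)
        if ip not in inventory:
            findings.append(("unknown-host", ip, mac))
        elif mac != norm_mac(inventory[ip]):
            findings.append(("mac-mismatch", ip, mac))
        elif "permanent" not in m["rest"].split():
            findings.append(("learned", ip, mac))   # right MAC, but not a static entry
    for ip in sorted(set(inventory) - seen):
        findings.append(("missing", ip, norm_mac(inventory[ip])))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, INVENTORY):
        print(*finding)
```

On a host where learning is disabled and only static entries exist, every inventory address should appear as a matching permanent entry and the audit should return an empty list.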