mirror of
https://github.com/opnsense/src.git
synced 2026-05-28 04:12:45 -04:00
c31f8b7bd8
By analogy with IP address matching, add a way to use ipfw radix
tables for MAC matching. This is implemented using new ipfw table
with mac:radix type. Also there are src-mac and dst-mac lookup
commands added.
Usage example:
ipfw table 1 create type mac
ipfw table 1 add 11:22:33:44:55:66/48
ipfw add skipto tablearg src-mac 'table(1)'
ipfw add deny src-mac 'table(1, 100)'
ipfw add deny lookup dst-mac 1
Note: sysctl net.link.ether.ipfw=1 should be set to enable ipfw
filtering on L2.
Reviewed by: melifaro
Obtained from: Yandex LLC
Relnotes: yes
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D35103
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| altq.c | ||
| dummynet.c | ||
| ipfw.8 | ||
| ipfw2.c | ||
| ipfw2.h | ||
| ipv6.c | ||
| main.c | ||
| Makefile | ||
| Makefile.depend | ||
| nat.c | ||
| nat64clat.c | ||
| nat64lsn.c | ||
| nat64stl.c | ||
| nptv6.c | ||
| tables.c | ||