Can I create a pf rule involving MAC address instead of IP?

firewall mac-address openbsd pf

Solution 1:

If i remember well, you can't. You can only filter mac address when you do it on a bridge if

Solution 2:

As mandrake pointed out you can't filter by MAC address directly in PF (it's an IP packet filter, it knows not of this "ethernet" thing).

What you CAN do, if your system is acting as a bridge, is tag packets based on MAC address, and then filter based on the tag.

From the pf FAQ:

Tagging Ethernet Frames

Tagging can be performed at the Ethernet level if the machine doing the tagging/filtering is also acting as a bridge(4). By creating bridge(4) filter rules that use the tag keyword, PF can be made to filter based on the source or destination MAC address. Bridge(4) rules are created using the ifconfig(8) command.
Example:

# ifconfig bridge0 rule pass in on fxp0 src 0:de:ad:be:ef:0 tag USER1

And then in pf.conf:

pass in on fxp0 tagged USER1

Related

Scaling out within a VMware host - add vCPUs or VMs?
How do I force ntfsresize to ignore the backup bootsector?
What permissions do I need if IIS Manager is blank or empty?
Outlook Encrypted Emails boo boo
Apache httpd workers retry
write permission denied via filezilla sftp to /var/www/html
How should an experienced Windows SysAdmin learn Linux? [closed]
MySQL Not Reading Symlinks for Options Files my.cnf
How to disable multiple form submit (POST) in IIS
Extremely slow resync rate of DRBD on dedicated gigabit
Connecting to Remote Server Using Performance Monitor Does Not Work
MySQL lost connection error on mysqldump