d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
78bc019d22
freebsd-dev/sys/netpfil
History
Arseny Smalyuk 81cac3906e ipfw: add support radix tables and table lookup for MAC addresses 
By analogy with IP address matching, add a way to use ipfw radix
tables for MAC matching. This is implemented using new ipfw table
with mac:radix type. Also there are src-mac and dst-mac lookup
commands added.

Usage example:
  ipfw table 1 create type mac
  ipfw table 1 add 11:22:33:44:55:66/48
  ipfw add skipto tablearg src-mac 'table(1)'
  ipfw add deny src-mac 'table(1, 100)'
  ipfw add deny lookup dst-mac 1

Note: sysctl net.link.ether.ipfw=1 should be set to enable ipfw
filtering on L2.

Reviewed by:	melifaro
Obtained from:	Yandex LLC
MFC after:	1 month
Relnotes:	yes
Sponsored by:	Yandex LLC
Differential Revision:	https://reviews.freebsd.org/D35103
2022-06-04 19:12:29 +03:00
..
ipfilter/netinet netpfil: Remove a double word in a source code comment 2022-04-09 14:20:09 +02:00
ipfw ipfw: add support radix tables and table lookup for MAC addresses 2022-06-04 19:12:29 +03:00
pf pf: Improve route-to handling of pfsync'd states 2022-06-04 14:23:17 +02:00