Actions
Feature #2424
closedAllow masking of pass-thru MACs
Start date:
05/10/2012
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Release Notes:
Description
ipfw supports masking MACs, sort of like a CIDR, and this could be a useful feature to allow, for example, all phones from a certain manufacturer to bypass the portal.
If you disable the MAC validation in the GUI and input, for example, 00:04:13:00:00:00/24 - ipfw accepts the input.
So this may be as simple as expanding the input validation to accommodate the masking, or adding a drop-down from 0-48 (maybe with steps by 4 or 8).
From ipfw(8)
{ MAC | mac } dst-mac src-mac Match packets with a given dst-mac and src-mac addresses, speci- fied as the any keyword (matching any MAC address), or six groups of hex digits separated by colons, and optionally followed by a mask indicating the significant bits. The mask may be specified using either of the following methods: 1. A slash (/) followed by the number of significant bits. For example, an address with 33 significant bits could be specified as: MAC 10:20:30:40:50:60/33 any 2. An ampersand (&) followed by a bitmask specified as six groups of hex digits separated by colons. For example, an address in which the last 16 bits are significant could be specified as: MAC 10:20:30:40:50:60&00:00:00:00:ff:ff any Note that the ampersand character has a special meaning in many shells and should generally be escaped. Note that the order of MAC addresses (destination first, source second) is the same as on the wire, but the opposite of the one used for IP addresses.
Updated by Viktor Gurov about 4 years ago
Updated by Jim Pingle about 4 years ago
- Status changed from New to Pull Request Review
- Target version changed from Future to 2.5.0
Updated by Renato Botelho about 4 years ago
- Status changed from Pull Request Review to Feedback
- Assignee set to Renato Botelho
- % Done changed from 0 to 100
PR has been merged. Thanks!
Actions