-1

I have two laptops that I use when I travel. I need them to have access to my LDAP server. I tried configuring this in my IPFW firewall rules, but they fail:

#!/bin/sh
cmd="ipfw -q add"
pif="em0"

## Lots of rules - truncated

$cmd allow log tcp from any MAC "0C:54:A5:04:BA:DD" to me 389 in via $pif setup keep-state
$cmd allow log tcp from any MAC "00:1A:A0:89:CA:EA" to me 389 in via $pif setup keep-state

This is the error message repeated twice:

ipfw: missing ``to''

If I substitute an IP address and remove the 'any MAC "address"', it works fine. I got this example from a web search. Can anyone tell me what I am doing wrong?

Gerard

1 Answer

0

Looking at the manual page, the "MAC dst-mac src-mac" is a rule option, which means it should appear after the "proto from src to dst" part of the rule.

So your rule option is both incomplete and in the wrong place.

Are you attempting to check the MAC address while your laptops are travelling? Because I would have thought that the MAC screening will only be meaningful when the laptops are on the same LAN as the firewall.

Richard Smith
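The rule layout the answer describes, as an added example that is not part of the original question or answer: the body "proto from src to dst" comes first, and the MAC option follows with the destination MAC before the source MAC. The helper names (valid_mac, mac_rule, add_laptop_rules) and the IPFW variable are hypothetical; by default the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not the asker's or answerer's code.
# ipfw option form: "MAC dst-mac src-mac"; "any" matches any address.
# MAC options only match where ipfw sees layer-2 frames
# (sysctl net.link.ether.ipfw=1).

pif="em0"                    # interface name taken from the question
IPFW="${IPFW:-echo ipfw}"    # dry run by default; set IPFW=ipfw to apply

# Return 0 if $1 is six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the rule text for one permitted source MAC and TCP port.
mac_rule() {
    src_mac=$1
    port=$2
    valid_mac "$src_mac" || { echo "bad MAC: $src_mac" >&2; return 1; }
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    # Body first, then options. Destination MAC is "any" (the firewall's
    # own interface); the source MAC is the laptop being allowed.
    printf 'allow log tcp from any to me %s in via %s MAC any %s setup keep-state\n' \
        "$port" "$pif" "$src_mac"
}

# The two laptop addresses from the question, LDAP on port 389.
add_laptop_rules() {
    for mac in 0C:54:A5:04:BA:DD 00:1A:A0:89:CA:EA; do
        rule=$(mac_rule "$mac" 389) || return 1
        # $rule is deliberately unquoted so it splits into ipfw arguments.
        $IPFW -q add $rule
    done
}

add_laptop_rules
```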