IP and MAC Address Association on OpenBSD

In this tutorial, I will show how to associate a MAC address with an IP address and filter on that association on OpenBSD 4.8.

  • Create a bridge:
      # ifconfig bridge0 create
  • Assuming that your LAN network card is rl0, add it to the bridge and block non-IP traffic:
      # ifconfig bridge0 add rl0
      # ifconfig bridge0 blocknonip rl0
  • Now create rules for the MAC addresses you want to pass through the firewall, and tag them:
      # ifconfig bridge0 rule pass in on rl0 src 00:11:22:33:44:55 tag signedmac
    Add your rules and, when you have finished, block everything else:
      # ifconfig bridge0 rule block in on rl0
  • Now it is time to associate the tagged MAC with an IP address; for this, put a rule in pf.conf:
      pass in on rl0 proto tcp from 10.20.30.40 tagged signedmac

    As you can see, on the bridge the MAC address is marked with a tag, and in the packet filter the IP address is associated with that tag.

    Reload your pf rules and enjoy !

    Extra: configuring this at startup:

      # cat /etc/hostname.bridge0
      add rl0
      blocknonip rl0
      rulefile /etc/brrules.conf
      # cat /etc/brrules.conf
      # customer
      pass in on rl0 src 00:11:22:33:44:55 tag signedmac

      # customer2
      pass in on rl0 src 66:77:88:99:00:01 tag macsigned

      # BLOCK ALL
      block in on rl0

    Gift: a script to reload the bridge rules after adding a rule to brrules.conf:

    # cat /usr/sbin/flushbr
    #!/bin/ksh
    # drop the bridge rules currently loaded for rl0, then load the rule file again
    ifconfig bridge0 flushrule rl0
    ifconfig bridge0 rulefile /etc/brrules.conf

    Do not forget to reload pf.conf too after creating the filter rule.
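    The bridge tag and the pf rule above have to agree on the tag name and on the MAC/IP pair, and the bridge rule file must end with the catch-all block. As an added example (not from the original post), the script below generates brrules.conf and the matching pf.conf lines from one MAC/IP/tag mapping so the two cannot drift apart. The mapping format, the helper names and the interface name (rl0, taken from the tutorial) are assumptions; the MACs and addresses are constructed.

```shell
#!/bin/sh
# Added example: build the bridge rule file and the pf.conf lines from one
# mapping, so the tag seen by the bridge and the tag checked by pf match.
# Nothing here calls ifconfig or pfctl; it only prints the rules.
#
# Mapping format (one entry per line, '#' comments and blank lines ignored):
#   <mac> <ip-address> <pf-tag>
# BR_IF is an assumption: the bridge member interface, rl0 as in the tutorial.
BR_IF=${BR_IF:-rl0}

# valid_mac MAC: succeed only for six colon-separated hex octets
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$'
}

# gen_bridge_rules < mapping: prints brrules.conf. Pass rules come first and
# the block rule last, because bridge rules are matched in order.
gen_bridge_rules() {
    while read -r mac ip tag; do
        case $mac in ''|'#'*) continue ;; esac
        if ! valid_mac "$mac"; then
            printf 'gen_bridge_rules: bad MAC %s\n' "$mac" >&2
            return 1
        fi
        if [ -z "$tag" ]; then
            printf 'gen_bridge_rules: missing tag for %s\n' "$mac" >&2
            return 1
        fi
        printf 'pass in on %s src %s tag %s\n' "$BR_IF" "$mac" "$tag"
    done
    printf 'block in on %s\n' "$BR_IF"
}

# gen_pf_rules < mapping: prints the pf.conf lines. 'tagged' binds the packet
# to the MAC the bridge saw, 'from' binds it to the expected IP. As in the
# tutorial the rule is TCP-only, and pf still needs its own default block so
# that untagged traffic from other addresses is dropped.
gen_pf_rules() {
    while read -r mac ip tag; do
        case $mac in ''|'#'*) continue ;; esac
        printf 'pass in on %s proto tcp from %s tagged %s\n' "$BR_IF" "$ip" "$tag"
    done
}

# Constructed sample mapping (addresses invented for this example)
SAMPLE_MAP='# customer
00:11:22:33:44:55 10.20.30.40 signedmac
# customer2
66:77:88:99:00:01 10.20.30.41 macsigned'
```

Typical use is `printf '%s\n' "$SAMPLE_MAP" | gen_bridge_rules > /etc/brrules.conf` followed by the flushbr script above, and `gen_pf_rules` output appended to pf.conf before reloading pf.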

    “How do you make a bridge on Linux? You will need to cast 3 spells, go to a crossroads and kill two chickens, but on OpenBSD you can do it with one line!”
