Bridge Filter MAC + Mask

synologic · January 17, 2010, 9:04am

Hi,

how does the mac and mask fields work on bridge filter ?

I tried to filter some traffic that should go out only to specific devices from within a mac range (filtered by vendor id) but the filter doesnt match any packets.
what i tried was:

mac address 00:00:00:00:00:00 and mask XX:YY:ZZ:FF:FF:FF where XX:YY:ZZ is the vendor id ← nothing matches
mac address XX:YY:ZZ:00:00:00 and mask 00:00:00:FF:FF:FF ← nothing matches
mac address XX:YY:ZZ:00:00:00 and mask XX:YY:ZZ:FF:FF:FF ← nothing matches
mac address 00:00:00:00:00:00 and mask FF:FF:FF:FF:FF:FF ← nothing matches either

Since there’s no doc on this topic on the wiki, can somebody please explain ?

Thx

gmsmstr · January 18, 2010, 6:59am

Have you tried a *, don’t think that will work either, think it has to be an exact match.

thegink · October 26, 2011, 1:36am

I know this is an old post, but I was looking for the same information and couldn’t find it anywhere. Here’s what I worked out:

To match only data from dell devices (for example),
Src MAC Address: 00:1A:A0:00:00:00
Src Mac Mask: FF:FF:FF:00:00:00

This rule will match 00:1A:A0:xx:xx:xx

I haven’t tried it, but the mask field seems to be a bit mask, so you should be able to match ranges much like you can with subnet masks.

t

canniscam · September 11, 2015, 2:00pm

@thegink

Thanks, that worked like a champ..

Casey Annis

hci · June 18, 2020, 2:06pm

Can this be done in IP firewall? MAC Address and Mask?