How to deny getting static ip address via pf ?
Chuck Swiger
cswiger at mac.com
Tue Jul 26 15:01:58 UTC 2011
On Jul 26, 2011, at 3:44 AM, Yavuz Maşlak wrote:
> I use pf on freebsd as packet filter.
>
> I have a wireless area. The users get to the internet using automatic ip
> from the dhcp server.
> I wish to deny to assign a static ip address by manual.
You can't prevent someone from doing manual configuration.
If you were connecting via a smart switch, you can configure MAC address filtering on each of the switch ports and then use DHCPd to only assign each MAC to the right range or static IP, and then use an IP-based firewall to control traffic from there. If a user tried to spoof some other MAC, the switch would block such traffic.
However, with wireless, nothing prevents the users from spoofing other MACs.
Regards,
--
-Chuck
More information about the freebsd-questions
mailing list