How to make ipfw consider MAC-IP match?

Chris Dillon cdillon at wolves.k12.mo.us
Mon Feb 14 13:01:50 PST 2005


On Mon, 14 Feb 2005, Artem Kuchin wrote:

> I have a table with ethernet (MAC) addresses matching IPs. It is
> used to build the dhcp config file. But regardless of that, any user
> can assign his neighbour's IP while that PC is turned off and use it
> to access the internet. The local IPs are 192.168. and are behind
> natd. I am running 5.3-STABLE and have heard that ipfw2 can in some
> way use MAC addresses, but how do I set up ipfw in such a way that it
> allows a certain IP only from one and only one MAC address? I hope
> you are getting my idea.

What you probably want is static ARP entries.

arp -s 192.168.1.1 00:11:22:33:44:55

But that still won't stop someone from changing their IP address and
MAC address to match; it just makes it harder. To prevent that kind
of thing you need to use 802.1x authentication or maybe even PPPoE.

-- 
  Chris Dillon - cdillon(at)wolves.k12.mo.us
  FreeBSD: The fastest, most open, and most stable OS on the planet
  - Available for IA32, IA64, AMD64, PC98, Alpha, and UltraSPARC architectures
  - PowerPC, ARM, MIPS, and S/390 under development
  - http://www.freebsd.org

Q: Because it reverses the logical flow of conversation.
A: Why is putting a reply at the top of the message frowned upon?
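
An added example, not part of the original post: one way to produce the static ARP entries suggested above from an existing IP/MAC table, as a file that FreeBSD's `arp -f` can load (lines of the form `hostname ether_addr`). The table layout (`<ip> <mac>` per line), the function name `gen_static_arp` and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: turn an IP/MAC table into a file for `arp -f`.
# Assumed input: "<ip> <mac>" per line, '#' starts a comment.

# Constructed sample data (not from the original post).
SAMPLE_TABLE='# office LAN
192.168.1.10 00:11:22:33:44:55
192.168.1.11 00:11:22:33:44:66   # second host'

# Reads the table on stdin, prints "ip mac" lines on stdout.
# Any malformed or duplicate entry fails the whole run (exit 1, no output),
# so a half-valid table is never loaded.
gen_static_arp() {
    awk '
    function bad(msg) {
        printf "line %d: %s\n", NR, msg > "/dev/stderr"
        errors++
    }
    function valid_ip(s,    p, i) {
        if (split(s, p, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (p[i] !~ /^[0-9]+$/ || p[i] + 0 > 255) return 0
        return 1
    }
    function valid_mac(m) {
        # six colon-separated hex octets: 5 * 3 + 2 = 17 characters
        return length(m) == 17 && m ~ /^([0-9a-f][0-9a-f]:)+[0-9a-f][0-9a-f]$/
    }
    { sub(/#.*/, "") }                  # strip comments
    NF == 0 { next }                    # skip blank lines
    NF != 2 { bad("expected <ip> <mac>"); next }
    {
        ip = $1; mac = tolower($2)
        if (!valid_ip(ip))    { bad("bad IP " ip); next }
        if (!valid_mac(mac))  { bad("bad MAC " mac); next }
        if (ip in by_ip)      { bad("IP " ip " already bound to " by_ip[ip]); next }
        if (mac in by_mac)    { bad("MAC " mac " already bound to " by_mac[mac]); next }
        by_ip[ip] = mac; by_mac[mac] = ip
        out[++n] = ip " " mac
    }
    END {
        if (errors) exit 1
        for (i = 1; i <= n; i++) print out[i]
    }'
}
```

On the gateway the output would be written to a file (any path of your choosing) and loaded with `arp -f <file>`. Rejecting duplicates keeps the table to one MAC per IP and one IP per MAC, which is the binding the question asks for.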



More information about the freebsd-stable mailing list