[ previous ] [ next ] [ threads ]
 
 From:  Jon Saints <saintsjd at yahoo dot com>
 To:  monowall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Adding MAC filter to monowall
 Date:  Sat, 25 Nov 2006 02:35:31 -0800 (PST)
Yes, the "DHCP deny unknow clients" is almost is what
we need.  The problem is for users who just choose a
static IP address. What we really want is an option
like "only allow access if a user has obtained a DHCP
lease from this router"

Then we could use the 'static address' feature to
register MACs that we want to permit.

MAC filter, while easy to work around for a determined
user, would prevent un-determined users from simply
being able to just plug in and use internet resources.
This is what we are trying to accomplish.

But your point is a good one. Perhaps all we need is
to add "only allow access if a user has obtained a
DHCP lease from this router" feature instead of a
whole MAC filter feature.

Thanks
Jon



--- Dan Bond <dan dot bond at gmail dot com> wrote:

> Would the 'Static Address' feature of the DHCP
> server, coupled with
> selecting the 'Deny unknown clients' option not do
> the same? (excuse
> the wrong names, I haven't got a m0n0 in front of me
> currently).
> Ultimately, someone determined only need spoof the
> MAC address of an
> existing client anyway, but I guess it's another
> layer of security.
> 
> Dan
> 
> On 25/11/06, Jon Saints <saintsjd at yahoo dot com> wrote:
> > We are loving monowall and finding many
> applications
> > for it on our network.
> >
> > We are considering starting work to add a MAC
> address
> > filter feature to the monowall.  But wanted to get
> > thoughts from the list first:
> >
> > Is this an appropriate feature to add to monowall
> even
> > with its "minimalist" approach to firewalling? 
> Any
> > suggestions on where/how to begin work?
> >
> > Thanks
> > Jon
> >
> >
>
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail:
> m0n0wall dash help at lists dot m0n0 dot ch
> >
> >
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail:
> m0n0wall dash help at lists dot m0n0 dot ch
> 
>