[ previous ] [ next ] [ threads ]
 From:  "Dan Bond" <dan dot bond at gmail dot com>
 To:  monowall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Adding MAC filter to monowall
 Date:  Sat, 25 Nov 2006 16:27:37 +0000
I suspect that the issue is that the client may still assign
themselves an address, and as long as it is in the correct subnet then
they will be able to pass traffic. I do think the option of only
allowing traffic to flow from a client if their MAC matches that of
the entry in the database for their address would be a useful one.
Dunno how you would do it, but AFAIK it's not something that can be
done currently.


On 25/11/06, Michael Graves <mgraves at mstvp dot com> wrote:
> On Sat, 25 Nov 2006 02:35:31 -0800 (PST), Jon Saints wrote:
> >Yes, the "DHCP deny unknow clients" is almost is what
> >we need.  The problem is for users who just choose a
> >static IP address. What we really want is an option
> >like "only allow access if a user has obtained a DHCP
> >lease from this router"
> >
> >Then we could use the 'static address' feature to
> >register MACs that we want to permit.
> >
> >MAC filter, while easy to work around for a determined
> >user, would prevent un-determined users from simply
> >being able to just plug in and use internet resources.
> >This is what we are trying to accomplish.
> >
> >But your point is a good one. Perhaps all we need is
> >to add "only allow access if a user has obtained a
> >DHCP lease from this router" feature instead of a
> >whole MAC filter feature.
> I suspect that what you seek is already there. You don't need to assign
> addresses to the MACs listed in the filter. When you don't they get
> assigned IPs from the DHCP pool. Clients that are not one of the listed
> MACs simply don't get an IP address at all.
> Michael
> --
> Michael Graves                           mgraves at pixelpower dot com
> Sr. Product Specialist                          www.pixelpower.com
> Pixel Power Inc.                                 mgraves at mstvp dot com
> o713-861-4005
> o800-905-6412
> c713-201-1262
> skye mjgraves
> fwd 54245
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch