 
 From:  YvesDM <ydmlog at gmail dot com>
 To:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] deny certain mac address from getting an ip?
 Date:  Sun, 15 Jun 2008 09:46:39 +0200
On Sun, Jun 15, 2008 at 9:22 AM, Chris Buechler <cbuechler at gmail dot com> wrote:

> On Sun, Jun 15, 2008 at 2:53 AM, YvesDM <ydmlog at gmail dot com> wrote:
> > Hi,
> >
> > I need to prevent certain MAC addresses from even getting a DHCP lease from
> > m0n0wall.
> > I found the "deny unknown clients" option under the DHCP server options, but I
> > want the opposite.
> > For example, MAC address xx:yy:xx:xx:xx:yy can NOT retrieve an IP address
> > over DHCP.
> > Can this be done somehow?
> >
>
> Not that I'm aware of.
>
>
> > Note: I know I can block the client on the firewall, but I am talking about a
> > virus-infected box here taking the whole network down.
> > I already tried to add a static assignment and block him with a rule on the
> > LAN interface, but he still takes the m0n0 down, so I want to prevent him from
> > even getting an IP address.
>
> I have seen networks in the past with a single virus infected host
> exhausting m0n0wall's state table. Dropping everything from that host
> and resetting the state table prevented it from causing any problems.
>
> Normally the problem virus-infected hosts cause with m0n0wall is exhausting
> the state table, and dropped traffic doesn't get a state, so that will
> usually fix the problem. Are you sure you had the rule, ordering, etc.
> correct?  If so I don't know what else to suggest; that's always
> worked for me.
>
> -Chris
>

Hi Chris,

Yes, I've seen and re-read Lee's post on this.
Yes, I got the ordering of the rules right.
According to the particular client connects to hundreds of different IPs on
port 25 (rarara :-)
So I blocked all dest. port 25 traffic from his IP with a firewall rule on
the LAN interface (at the top of the list, so above LAN net -> any), but somehow he
still manages to crash the system.
The m0n0wall flips between unreachable and reachable for me (it's about 70 km
away from me).
I had a chance to reboot it once, but this didn't solve the problem, not
even in the first minutes it was up again.
So I guess the device that is really crashing is the ADSL modem (a model I use at
many locations without issues, set up in bridged mode, m0n0 doing PPPoE).

I'm pretty sure the trouble is caused by this particular client.
I had the same trouble at this location at the end of May.
That guy was out until 10 June according to our RADIUS logs, and the system
ran flawlessly for 10 days.
On 10 June he returned and the problem started again....
Pulling my hair out here! I don't understand why he can still cause trouble
on the m0n0 and/or the modem when he's blocked on the LAN interface of
the m0n0wall.
The only thing I can do is try to block him off completely, so not only on
dest. port 25.

Kind regards
Y.

PS: It would be really useful to have the option to deny DHCP leases to
certain MAC addresses.
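The pattern Yves describes (one LAN host opening connections to hundreds of different destinations on TCP/25, which is what fills a firewall's state table) is easy to spot in a firewall log if you count distinct destinations per source over a short window rather than raw connection counts, since a legitimate workstation talking to its one mail relay also produces many port 25 entries. The script below is an added example written for this thread, not m0n0wall code and not a m0n0wall log parser: the log lines it consumes are constructed here in a simplified "timestamp src:sport -> dst:dport proto" form rather than m0n0wall's real ipmon/ipfilter log format, and the host addresses, threshold and window are assumptions; adapt `parse_line()` to whatever your logger actually emits.

```python
"""Flag LAN hosts fanning out to many distinct destinations on TCP/25.

Added example for this thread, not m0n0wall code. The log format parsed here
is a constructed, simplified one; m0n0wall's own firewall log lines differ.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Simplified, constructed line layout: "YYYY-MM-DD HH:MM:SS src:sport -> dst:dport PROTO"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)$"
)


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
        "proto": m["proto"].lower(),
    }


def find_smtp_fanout(lines, threshold=20, window=timedelta(minutes=5)):
    """Return {src: distinct_destinations} for every source that reached more
    than `threshold` distinct hosts on TCP/25 inside any `window`-long period.

    Counting distinct destinations (not connections) is what separates a
    spam bot from a workstation that simply sends a lot of mail to one relay.
    """
    events = defaultdict(list)  # src -> [(timestamp, dst)]
    for line in lines:
        ev = parse_line(line)
        if ev and ev["proto"] == "tcp" and ev["dport"] == 25:
            events[ev["src"]].append((ev["ts"], ev["dst"]))

    offenders = {}
    for src, evs in events.items():
        evs.sort()
        best = 0
        # Sliding window: for each event, count distinct destinations reached
        # between it and `window` later.
        for i, (t0, _) in enumerate(evs):
            dsts = {d for t, d in evs[i:] if t - t0 <= window}
            best = max(best, len(dsts))
        if best > threshold:
            offenders[src] = best
    return offenders


def sample_log():
    """Constructed sample log, not captured traffic (addresses are assumptions)."""
    base = datetime(2008, 6, 15, 9, 0, 0)
    lines = []
    # Infected host: 60 distinct destinations on port 25 within two minutes.
    for i in range(60):
        ts = base + timedelta(seconds=2 * i)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} 192.168.1.50:{40000 + i} -> 203.0.113.{i + 1}:25 TCP")
    # Legitimate workstation: 50 connections, but all to the same mail relay.
    for i in range(50):
        ts = base + timedelta(seconds=3 * i)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} 192.168.1.10:{50000 + i} -> 10.0.0.5:25 TCP")
    # Unrelated web traffic that must be ignored.
    lines.append(f"{base:%Y-%m-%d %H:%M:%S} 192.168.1.20:51000 -> 198.51.100.7:80 TCP")
    return lines


if __name__ == "__main__":
    for src, n in find_smtp_fanout(sample_log()).items():
        print(f"{src}: {n} distinct SMTP destinations in one window; block this host entirely")
```

On the constructed sample this reports only 192.168.1.50 (60 distinct destinations); the workstation that hit its relay 50 times scores 1 and is left alone. The output is the address to block with a LAN-interface rule matching all traffic from that source, not just destination port 25, which is the complete block Yves says he will try next. On the PS: ISC dhcpd, which m0n0wall's DHCP server is built on, can refuse a specific client with `deny booting;` inside a `host` declaration keyed by its hardware address, but m0n0wall generates dhcpd.conf from its own configuration and, as Chris notes, did not expose that option in its interface.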