[ previous ] [ next ] [ threads ]
 
 From:  "Dan Bond" <dan dot bond at gmail dot com>
 To:  YvesDM <ydmlog at gmail dot com>, m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] deny certain mac address from getting an ip?
 Date:  Sun, 15 Jun 2008 11:55:33 +0100
Is there any way to simply assign the clients 127.0.0.1 as an IP, so
all traffic never leaves their machine?

On 6/15/08, YvesDM <ydmlog at gmail dot com> wrote:
> On Sun, Jun 15, 2008 at 9:22 AM, Chris Buechler <cbuechler at gmail dot com> wrote:
>
>> On Sun, Jun 15, 2008 at 2:53 AM, YvesDM <ydmlog at gmail dot com> wrote:
>> > Hi,
>> >
>> > I need to avoid certain mac addresses to even get an dhcp lease from
>> > m0n0wall.
>> > I find the "deny unknown clients" under the dhcpserver options, but I
>> want
>> > the opposite.
>> > For example mac address xx:yy:xx:xx:xx:yy can NOT retrieve an ip address
>> > over dhcp.
>> > Can this be done somehow?
>> >
>>
>> Not that I'm aware of.
>>
>>
>> > Note: I know i can block the client on the firewall,  but i talk about a
>> > virus infected box here taking the whole network down.
>> > I already tried to  add a static assignment and block him with a rule on
>> the
>> > lan interface, but he still takes the mono down, so I want to avoid he
>> even
>> > gets an ip address.
>>
>> I have seen networks in the past with a single virus infected host
>> exhausting m0n0wall's state table. Dropping everything from that host
>> and resetting the state table prevented it from causing any problems.
>>
>> Normally the problems virus hosts cause with m0n0wall is exhausting
>> the state table and dropped traffic doesn't get a state, so that will
>> usually fix the problem. You sure you had the rule, ordering, etc.
>> correct?  If so I don't know what else to suggest, that's always
>> worked for me.
>>
>> -Chris
>>
>
> Hi Chris,
>
> Yes, I've seen and re-read lee's post on this.
> yes, I got the ordening of the rules right.
> According to the particular client connects to hundreds of different ip's on
> port 25 (rarara :-)
> So I blocked all dest. p25 traffic from his ip of with a firewall rule on
> the LAN if (on top of the list, so above lan net->any) , but somehow he
> still manages to crash the system.
> The m0n0wall flips between unreachable and reachable for me (it's about 70km
> away from me).
> I had a change to reboot it once, but this didn't solve the problem, not
> even the first minutes it was up again.
> So I guess the real crashing device is the adsl modem. (A model I use on
> many locations without issues, setup in bridged mode,m0n0 doing PPPoE)
>
> I'm pretty sure the trouble is caused by this particular client.
> I had same trouble on this location end of may.
> That guy was out till 10 june according to our radius logs and the system
> ran flawlessly for 10 days.
> On 10 june he returned and the problem started again....
> Pulling my hair out here! I don't understand why he can still cause trouble
> on the m0n0 and/or modem device when he's blocked on the lan interface of
> the monowall.
> The only thing I can do is try to block him of completely, so not only on
> dest. p25
>
> Kind regards
> Y.
>
> Ps It would be really usefull to have the option to deny dhcp leases to
> certain mac addresses.
>