Is there any way to simply assign the clients 127.0.0.1 as an IP, so
all traffic never leaves their machine?
On 6/15/08, YvesDM <ydmlog at gmail dot com> wrote:
> On Sun, Jun 15, 2008 at 9:22 AM, Chris Buechler <cbuechler at gmail dot com> wrote:
>> On Sun, Jun 15, 2008 at 2:53 AM, YvesDM <ydmlog at gmail dot com> wrote:
>> > Hi,
>> > I need to prevent certain MAC addresses from even getting a DHCP lease from
>> > m0n0wall.
>> > I found the "deny unknown clients" option under the DHCP server options, but I
>> > need the opposite.
>> > For example mac address xx:yy:xx:xx:xx:yy can NOT retrieve an ip address
>> > over dhcp.
>> > Can this be done somehow?
>> Not that I'm aware of.
>> > Note: I know I can block the client on the firewall, but I'm talking about a
>> > virus-infected box here taking the whole network down.
>> > I already tried to add a static assignment and block him with a rule on the
>> > LAN interface, but he still takes the m0n0 down, so I want to prevent him
>> > from getting an IP address.
>> I have seen networks in the past with a single virus infected host
>> exhausting m0n0wall's state table. Dropping everything from that host
>> and resetting the state table prevented it from causing any problems.
>> Normally the problem virus hosts cause with m0n0wall is exhausting
>> the state table, and dropped traffic doesn't get a state, so that will
>> usually fix the problem. You sure you had the rule, ordering, etc.
>> correct? If so I don't know what else to suggest, that's always
>> worked for me.
> Hi Chris,
> Yes, I've seen and re-read Lee's post on this.
> Yes, I got the ordering of the rules right.
> According to the particular client connects to hundreds of different ip's on
> port 25 (rarara :-)
> So I blocked off all dest. p25 traffic from his IP with a firewall rule on
> the LAN if (on top of the list, so above lan net->any), but somehow he
> still manages to crash the system.
> The m0n0wall flips between unreachable and reachable for me (it's about 70km
> away from me).
> I had a chance to reboot it once, but this didn't solve the problem, not
> even for the first minutes it was up again.
> So I guess the real crashing device is the ADSL modem. (A model I use at
> many locations without issues, set up in bridged mode, m0n0 doing PPPoE.)
> I'm pretty sure the trouble is caused by this particular client.
> I had the same trouble at this location at the end of May.
> That guy was out till 10 June according to our RADIUS logs and the system
> ran flawlessly for 10 days.
> On 10 June he returned and the problem started again....
> Pulling my hair out here! I don't understand why he can still cause trouble
> on the m0n0 and/or modem device when he's blocked on the lan interface of
> the monowall.
> The only thing I can do is try to block him off completely, so not only on
> dest. p25
> Kind regards
> PS: It would be really useful to have the option to deny DHCP leases to
> certain MAC addresses.
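
The thread describes one LAN client opening connections to hundreds of different IPs on port 25. The following is an added example, not part of the original messages and not m0n0wall code: it counts distinct port-25 destinations per source in firewall log lines to identify such a host. The log format, the `smtp_fanout` name, the sample addresses and the low demo threshold are all assumptions made for illustration.

```python
# Added example (not from the thread): flag hosts that contact many
# distinct destinations on TCP port 25, the pattern described above.
import re
from collections import defaultdict

# Constructed, simplified log format -- NOT m0n0wall's actual log output:
#   <time> <iface> <src_ip>:<sport> -> <dst_ip>:<dport> <proto> <action>
LINE_RE = re.compile(
    r"^(?P<time>\S+) (?P<iface>\S+) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+) "
    r"(?P<proto>\w+) (?P<action>\w+)$"
)

def smtp_fanout(lines, port=25, threshold=3):
    """Return {src_ip: distinct_dst_count} for sources at or above threshold.

    Blocked and passed attempts both count: a blocked host that keeps
    trying still shows the same fan-out in the log.
    """
    dests = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed or unrelated lines
        if m["proto"].lower() != "tcp" or int(m["dport"]) != port:
            continue
        dests[m["src"]].add(m["dst"])  # a set ignores repeat destinations
    return {s: len(d) for s, d in dests.items() if len(d) >= threshold}

# Constructed sample lines (RFC 1918 sources, RFC 5737 destinations).
SAMPLE_LOG = """\
12:00:01 LAN 192.168.1.50:40001 -> 198.51.100.10:25 tcp block
12:00:01 LAN 192.168.1.50:40002 -> 198.51.100.11:25 tcp block
12:00:02 LAN 192.168.1.20:51000 -> 192.0.2.25:25 tcp pass
12:00:02 LAN 192.168.1.50:40003 -> 203.0.113.5:25 tcp block
12:00:03 LAN 192.168.1.50:40004 -> 203.0.113.9:25 tcp block
12:00:03 LAN 192.168.1.50:40005 -> 198.51.100.10:25 tcp block
12:00:04 LAN 192.168.1.20:51001 -> 192.0.2.80:80 tcp pass
12:00:04 LAN 192.168.1.20:51002 -> 192.0.2.25:25 tcp pass
this line is malformed and is skipped
""".splitlines()

if __name__ == "__main__":
    for src, count in sorted(smtp_fanout(SAMPLE_LOG).items()):
        print(f"{src}: {count} distinct port-25 destinations")
```

A normal mail client talks to one or two servers, so on a real network the threshold would be set well above the demo value of 3.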