[ previous ] [ next ] [ threads ]
 From:  YvesDM <ydmlog at gmail dot com>
 To:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] deny certain mac address from getting an ip?
 Date:  Mon, 16 Jun 2008 21:12:42 +0200
On Sun, Jun 15, 2008 at 8:53 PM, Chris Buechler <cbuechler at gmail dot com> wrote:

> On Sun, Jun 15, 2008 at 1:47 PM, Lee Sharp <leesharp at hal dash pc dot org> wrote:
> >
> > As to assigning a bogus IP, I know the GUI does sanity checking, but does
> > the config file?  What if you assign a static IP, save the config, change
> it
> > in the config to, and upload the config?  Or just give it a
> > totally invalid IP with no route to the firewall?
> >
> I think that may blow up dhcpd, but if someone tries it, let us know!
> -Chris

Ok, I tried this.
It didn't blow up dhcp, that's the good news :-)
I started with adding a bogus ip (valid ip, though from a total different
subnet) as static mapping to my mac address in the config.xml and uploaded
it again.
Result: m0n0wall assigned the client simply an ip from inside its dhcp range
and ignores the static mapping.

Then I tried to do the same with the ip in the static mapping
Result: same as above.

Then I checked "Deny unknown clients" in the dhcp server config.
This writes an entry in the xml named <denyunknown/>
I tried to change it in the config to <denyknown/> (you never know :-) but
this also didn't prevent my laptop from getting an ip out of the dhcp range.

So basicly, I could not prevent the client from getting an ip.
If anyone knows a way to do this it would be nice to know.

Kind regards,