On Sun, Jun 15, 2008 at 8:53 PM, Chris Buechler <cbuechler at gmail dot com> wrote:
> On Sun, Jun 15, 2008 at 1:47 PM, Lee Sharp <leesharp at hal dash pc dot org> wrote:
> > As to assigning a bogus IP, I know the GUI does sanity checking, but does
> > the config file? What if you assign a static IP, save the config, change
> > in the config to 127.0.0.1, and upload the config? Or just give it a
> > totally invalid IP with no route to the firewall?
> I think that may blow up dhcpd, but if someone tries it, let us know!
Ok, I tried this.
It didn't blow up dhcp, that's the good news :-)
I started with adding a bogus ip (valid ip, though from a total different
subnet) as static mapping to my mac address in the config.xml and uploaded
Result: m0n0wall assigned the client simply an ip from inside its dhcp range
and ignores the static mapping.
Then I tried to do the same with the ip 127.0.0.1 in the static mapping
Result: same as above.
Then I checked "Deny unknown clients" in the dhcp server config.
This writes an entry in the xml named <denyunknown/>
I tried to change it in the config to <denyknown/> (you never know :-) but
this also didn't prevent my laptop from getting an ip out of the dhcp range.
So basicly, I could not prevent the client from getting an ip.
If anyone knows a way to do this it would be nice to know.