 From:  Lee Sharp <leesharp at hal dash pc dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Firewall Rules by MAC Address. IS it possible?
 Date:  Thu, 30 Sep 2010 11:24:02 -0400
On 09/30/2010 05:13 AM, GD Incorporation wrote:
> All I am saying is
>
> How many people... I mean, just regular PC users would know how to execute
> such a command? Plus, no one other than the computer department in any company
> would want to use Linux? Mostly just Windows or Mac. Changing the MAC address on
> Mac or Windows is not that easy. But changing the IP in Windows is just too
> easy.
>
> Most of my users are Windows users.
>
> So that is why, for me, having a MAC filter in a firewall rule would help so
> much.

I think you are trying to find a technical solution to a human problem.
There is no way to stop a determined and skilled person with control of
their own system.  If this is a company environment, you can use policy
kit to lock them out of network changes, and that eliminates some.  You
can lock them out of the web browser, and that eliminates most.  Of
course, they can still hack their own system and get past it.

The real solution is to say "Do not do this.  We are logging everyone,
and if we catch you, you are fired."  If you cannot do that, you
cannot stop them.

			Lee