[ previous ] [ next ] [ threads ]
 
 From:  rh at ffpx dot de
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Firewall Rules by MAC Address. IS it possible?
 Date:  Fri, 01 Oct 2010 23:37:21 +0200
Yea,

but YOU are speaking of expensive managable switches...! - I would  
prefer some interface-extension of monowall to get this feature  
available...

Ralf

> A good smart switch will help with users changing their Mac address   
> also,  enabling sticky mac's on a Cisco switch with a limit of 1...   
>  first mac the switch learns, is the only mac the switch will let  
> use  that port.  Course moving users, or anything requires the  
> network  admins help,  but hey, that just means job security...
>
> -Mike
>
>
>
> -----Original Message-----
> From: Chris Buechler [mailto:cbuechler at gmail dot com]
> Sent: Thursday, September 30, 2010 9:39 PM
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Firewall Rules by MAC Address. IS it possible?
>
> On Thu, Sep 30, 2010 at 9:02 PM, Heinz Teichmann
> <heinz dot teichmann at wanews dot com dot au> wrote:
>> If it is such a big issue a proper proxy appliance would be the way to go?!?
>> Or is it a cost issue? Most enterprises I worked for used proxies   
>> for that and it worked.
>>
>
> Yes that's the way to properly control such things, requiring using a
> proxy with authentication for all users. But going on the theme of the
> rest of this thread, you could say "but then he/she can just get
> someone else's credentials!"
>
> That's why you take the approach of not trying to come up with a
> bulletproof technical solution to a people problem, which is
> impossible - there are always going to be ways to get around
> something. If you assign a DHCP reservation, let them know they are
> not authorized for web access, and the person goes to the extent of
> changing their IP and/or MAC to get around restrictions you have in
> place, that's generally grounds for termination.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>


----- Ende der Nachricht von mjewell at law dot umaryland dot edu -----