Date: Tue, 26 Jul 2011 08:01:56 -0700 From: Chuck Swiger <cswiger@mac.com> To: =?utf-8?Q?Yavuz_Ma=C5=9Flak?= <yavuz.maslak@netiletisim.net> Cc: freebsd-questions@freebsd.org Subject: Re: How to deny getting static ip address via pf ? Message-ID: <367840D7-2E33-4849-A990-BB532CEFE590@mac.com> In-Reply-To: <39BA5203083441F49B797E0E12C7B03D@desktop2002> References: <39BA5203083441F49B797E0E12C7B03D@desktop2002>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jul 26, 2011, at 3:44 AM, Yavuz Maşlak wrote: > I use pf on freebsd as packet filter. > > I have a wireless area. The users get to the internet using automatic ip > from the dhcp server. > I wish to deny to assign a static ip address by manual. You can't prevent someone from doing manual configuration. If you were connecting via a smart switch, you can configure MAC address filtering on each of the switch ports and then use DHCPd to only assign each MAC to the right range or static IP, and then use an IP-based firewall to control traffic from there. If a user tried to spoof some other MAC, the switch would block such traffic. However, with wireless, nothing prevents the users from spoofing other MACs. Regards, -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?367840D7-2E33-4849-A990-BB532CEFE590>