Date: Tue, 26 Jul 2011 08:01:56 -0700 From: Chuck Swiger <cswiger@mac.com> To: =?utf-8?Q?Yavuz_Ma=C5=9Flak?= <yavuz.maslak@netiletisim.net> Cc: freebsd-questions@freebsd.org Subject: Re: How to deny getting static ip address via pf ? Message-ID: <367840D7-2E33-4849-A990-BB532CEFE590@mac.com> In-Reply-To: <39BA5203083441F49B797E0E12C7B03D@desktop2002> References: <39BA5203083441F49B797E0E12C7B03D@desktop2002>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jul 26, 2011, at 3:44 AM, Yavuz Ma=C5=9Flak wrote: > I use pf on freebsd as packet filter. >=20 > I have a wireless area. The users get to the internet using automatic = ip > from the dhcp server.=20 > I wish to deny to assign a static ip address by manual.=20 You can't prevent someone from doing manual configuration. If you were connecting via a smart switch, you can configure MAC address = filtering on each of the switch ports and then use DHCPd to only assign = each MAC to the right range or static IP, and then use an IP-based = firewall to control traffic from there. If a user tried to spoof some = other MAC, the switch would block such traffic. However, with wireless, nothing prevents the users from spoofing other = MACs. Regards, --=20 -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?367840D7-2E33-4849-A990-BB532CEFE590>