From owner-freebsd-ipfw@FreeBSD.ORG  Mon Sep 26 02:36:58 2005
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: ipfw@freebsd.org
Delivered-To: freebsd-ipfw@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 007E016A41F
	for <ipfw@freebsd.org>; Mon, 26 Sep 2005 02:36:57 +0000 (GMT)
	(envelope-from on@cs.ait.ac.th)
Received: from mail.cs.ait.ac.th (mail.cs.ait.ac.th [192.41.170.16])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0AFD443D48
	for <ipfw@freebsd.org>; Mon, 26 Sep 2005 02:36:56 +0000 (GMT)
	(envelope-from on@cs.ait.ac.th)
Received: from banyan.cs.ait.ac.th (banyan.cs.ait.ac.th [192.41.170.5])
	by mail.cs.ait.ac.th (8.12.11/8.12.11) with ESMTP id j8Q2ZcFS034642
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Mon, 26 Sep 2005 09:35:38 +0700 (ICT)
Received: (from on@localhost)
	by banyan.cs.ait.ac.th (8.13.1/8.12.11) id j8Q2Y2LM038938;
	Mon, 26 Sep 2005 09:34:02 +0700 (ICT)
Date: Mon, 26 Sep 2005 09:34:02 +0700 (ICT)
Message-Id: <200509260234.j8Q2Y2LM038938@banyan.cs.ait.ac.th>
From: Olivier Nicole <on@cs.ait.ac.th>
To: free.bsd@gmx.net
In-reply-to: <18703.1127479590@www80.gmx.net> (free.bsd@gmx.net)
References: <18703.1127479590@www80.gmx.net>
X-Virus-Scanned: on CSIM by amavisd-milter (http://www.amavis.org/)
Cc: ipfw@freebsd.org, lists@wm-access.no, vladone@spaingsm.com
Subject: Re: blocking a host
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Sep 2005 02:36:58 -0000

// why would you want such a host on your network? if you run a isp of some
// sort and it's a customer who wants to steal static IP's. Why not give
// him one and charge extra? Or design the network better?

I'd say there are plenty of cases where you need to deny access by MAC
rather than by IP.

An example: we are a learning institution, students have their own
laptop (some of them at least). When they abuse the usage policy, we
want to block them by MAC because the IP is dynamic and so does not
reflect one specific machine.

(OK they will change the MAC too, but that kind of think will get them
denied of internet access for good).

Olivier