From owner-freebsd-security  Mon May 22 10:39: 1 2000
Delivered-To: freebsd-security@freebsd.org
Received: from arf.bussert.COM (arf.bussert.com [209.183.67.130])
	by hub.freebsd.org (Postfix) with ESMTP id B175D37B5AC
	for <freebsd-security@freebsd.org>; Mon, 22 May 2000 10:38:57 -0700 (PDT)
	(envelope-from matheny@bussert.com)
Received: from localhost (matheny@localhost)
	by arf.bussert.COM (8.9.3/8.9.3) with ESMTP id NAA08480
	for <freebsd-security@freebsd.org>; Mon, 22 May 2000 13:08:30 -0500 (EST)
	(envelope-from matheny@bussert.com)
Date: Mon, 22 May 2000 13:08:30 -0500 (EST)
From: Blake Matheny <matheny@bussert.com>
To: freebsd-security@freebsd.org
Subject: Firewall Rules
Message-ID: <Pine.BSF.4.10.10005221304510.8452-100000@arf.bussert.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Is there a way to deny by mac address rather than ip address? I need to
deny a group of computers (with static ip's) access to the internet, but
if someone changes their ip (with DHCP) it doesn't do any good. These are
windows boxes with a freebsd firewall, no policies on the computers and if
possible I would like to implement this only on the firewall level. Anyone
got any advice? Thanks.
-Blake

Blake Matheny
Bussert Consulting
Network Engineer
(765)423-2100
matheny@bussert.com



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message