From owner-freebsd-security  Mon May 22 11: 2:44 2000
Delivered-To: freebsd-security@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2])
	by hub.freebsd.org (Postfix) with ESMTP id 6BAB537BE1C
	for <freebsd-security@FreeBSD.ORG>; Mon, 22 May 2000 11:02:36 -0700 (PDT)
	(envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.9.3/8.9.1) id LAA61355;
	Mon, 22 May 2000 11:02:28 -0700 (PDT)
	(envelope-from dillon)
Date: Mon, 22 May 2000 11:02:28 -0700 (PDT)
From: Matthew Dillon <dillon@apollo.backplane.com>
Message-Id: <200005221802.LAA61355@apollo.backplane.com>
To: Blake Matheny <matheny@bussert.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Firewall Rules
References:  <Pine.BSF.4.10.10005221304510.8452-100000@arf.bussert.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

:Is there a way to deny by mac address rather than ip address? I need to
:deny a group of computers (with static ip's) access to the internet, but
:if someone changes their ip (with DHCP) it doesn't do any good. These are
:windows boxes with a freebsd firewall, no policies on the computers and if
:possible I would like to implement this only on the firewall level. Anyone
:got any advice? Thanks.
:-Blake
:
:Blake Matheny
:Bussert Consulting
:Network Engineer
:(765)423-2100
:matheny@bussert.com

    You can set dhcp up to assign a specific IP address for a specific
    MAC address, would that be good enough or are you worried about
    the windows users screwing around with their network config?

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message