From owner-freebsd-security Mon May 22 11:11:19 2000 Delivered-To: freebsd-security@freebsd.org Received: from arf.bussert.COM (arf.bussert.com [209.183.67.130]) by hub.freebsd.org (Postfix) with ESMTP id C6A7737BC6B for ; Mon, 22 May 2000 11:11:12 -0700 (PDT) (envelope-from matheny@bussert.com) Received: from localhost (matheny@localhost) by arf.bussert.COM (8.9.3/8.9.3) with ESMTP id NAA08655; Mon, 22 May 2000 13:40:32 -0500 (EST) (envelope-from matheny@bussert.com) Date: Mon, 22 May 2000 13:40:32 -0500 (EST) From: Blake Matheny To: Matthew Dillon Cc: freebsd-security@FreeBSD.ORG Subject: Re: Firewall Rules In-Reply-To: <200005221802.LAA61355@apollo.backplane.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Yeah, I'm worried that some windows users (that can read) :) might try to change the network settings, etc. Blake Matheny Bussert Consulting Network Engineer (765)423-2100 matheny@bussert.com On Mon, 22 May 2000, Matthew Dillon wrote: > :Is there a way to deny by mac address rather than ip address? I need to > :deny a group of computers (with static ip's) access to the internet, but > :if someone changes their ip (with DHCP) it doesn't do any good. These are > :windows boxes with a freebsd firewall, no policies on the computers and if > :possible I would like to implement this only on the firewall level. Anyone > :got any advice? Thanks. > :-Blake > : > :Blake Matheny > :Bussert Consulting > :Network Engineer > :(765)423-2100 > :matheny@bussert.com > > You can set dhcp up to assign a specific IP address for a specific > MAC address, would that be good enough or are you worried about > the windows users screwing around with their network config? > > -Matt > Matthew Dillon > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message