From owner-freebsd-isp Mon Sep 6 12:11:48 1999 Delivered-To: freebsd-isp@freebsd.org Received: from smtp.interact.se (smtp1.interact.se [193.15.98.9]) by hub.freebsd.org (Postfix) with ESMTP id 156E815194 for ; Mon, 6 Sep 1999 12:11:41 -0700 (PDT) (envelope-from je@interact.se) Received: from aju4j (install3.interact.se [193.15.98.52]) by smtp.interact.se (InterACT Mailer) with SMTP id VAA15554 for ; Mon, 6 Sep 1999 21:10:35 +0200 (CEST) Message-Id: <3.0.32.19990906210921.00d0a198@smtp1.interact.se> X-Sender: mailman@smtp1.interact.se X-Mailer: Windows Eudora Pro Version 3.0 Demo (32) Date: Mon, 06 Sep 1999 21:09:22 +0200 To: freebsd-isp@FreeBSD.ORG From: Jonas Eriksson Subject: Re: Really static arp? Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 19:53 1999-09-06 +0200, Bartek Siebab wrote: >Hi! > >I have many malicious users in my LAN. Many of them has >access disabled to our certain services, but if they change >their ip adress we can't filter them by ip. > >User can change ip but his MAC adress is static, but >arp -S isn't solution, because when user has new ip >arp add it to cache and after arp -a we have a few entry >for ip with a few MAC adresses, so trafic is passed from >this ip (currently and temporary not used by other user)! > >How to disable arp from do this? >How to set up arp table really static? >Maybe is there any solutions for ipfw based on MAC? > I've think that this has been discussed on this list before. (or security) Check the archives. -- Jonas Eriksson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message