Date:      Fri, 07 Sep 2007 12:53:05 -0400
From:      Chuck Swiger <cswiger@mac.com>
To:        Stephen GL <kansas_le@yahoo.com>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: Allow only match both mac address and IP address
Message-ID:  <46E181F1.2030404@mac.com>
In-Reply-To: <456319.24028.qm@web56801.mail.re3.yahoo.com>
References:  <456319.24028.qm@web56801.mail.re3.yahoo.com>

Stephen GL wrote:
[ ... ]
> I am very new to IPFW. I'm on FreeBSD 6.0.
> My job is to pass anyone that has both a valid MAC and IP address.
> At the beginning of my rules I check for a valid MAC address that can get through.
> If it passes, the next rule checks the IP address.
> If it passes, he/she can get through.
> 
> Everything works as expected. My problem is that the above rules don't check
> both MAC and IP address pairing.  Assume someone spoofs another MAC address; they
> can pass by changing the IP address of another.

The way to deal with people who screw up your network by spoofing the MAC and 
IP address of another machine is to fire them or drop them as a customer, 
depending on the relationship.

However, if you really need to provide IP access to people whom you can't 
trust not to play such games, consider switching to something which requires 
authentication, such as PPPoE.

-- 
-Chuck


