iptables and dhcp configuration
Bill Shirley
bshirley at memphis.apirx.biz
Thu Aug 9 05:41:49 UTC 2012
On 8/9/2012 12:49 AM, Tim wrote:
> On Wed, 2012-08-08 at 18:31 -0700, jdow wrote:
>> What do you do about the fellow who simply hits the power switch or
>> disconnects the network cable?
> Or moves out of wireless range? And then comes back again?
>
> As I said, it looked more like an authentication scheme was needed than
> just IP assigning(/controlling).
>
It depends on what you want. If you want something that is bullet
proof, then no, this is not for you. But if you have someone who is
actively trying to bypass security then you have more than a network
problem.
If you want something that encourages people to use DHCP, then this
could be an answer. If you don't acquire an IP address via DHCP, I
don't pass you thru the firewall to teh interwebz.
It's been my experience that when the ISC DHCP server sees a new MAC
address, it doesn't re-use IP leases until it has cycled thru the pool.
If you had understood the code you would have noticed that an IP address
is removed from the ipset when the lease expires. This could be changed
to work off the MAC address too.
Also, most PCs ask to re-lease the last IP address they had.
Bill
More information about the users
mailing list