Firewall Wizards mailing list archives
Re: Blocking at firewall via MAC address
From: David Lang <david.lang () digitalinsight com>
Date: Sun, 16 Dec 2001 17:43:54 -0800 (PST)
while this isn't a foolproof solution one thing you could do is to use DHCP to hand out addresses. create two sets of definitions in DHCP 1. known MAC addresses which are given addresses on the proper subnet (potentially even fixed addresses per MAC so that you can have static DNS for these machines as well) 2. unknown MAC addresses which are given addresses on another subnet that isn't allowed through the firewall David Lang On Sat, 15 Dec 2001, B. Scott Harroff wrote:
Date: Sat, 15 Dec 2001 16:51:31 -0500 From: B. Scott Harroff <Scott.Harroff () att net> To: firewall-wizards () nfr com Subject: Re: [fw-wiz] Blocking at firewall via MAC address Wizards, I apologize again for my lack of clarification and apparent growing frustration. I appreciate the Wizards re-confirming my current understating of this technique and its limitations. However, my question was not "Please inform me of the reasons blocking by MAC address will not work, should not be used, or how to circumvent it". The business partner has a simple requirement - if the laptops MAC address does not match a list of predetermined addresses, it does not pass though the firewall. In my opinion this requirement is over design for the environment, but I will meet it. If there is a wizard that knows how to meet this requirement with OpenBSD (2.9 or 3.0) / IPFilter, I'd really like to hear from you. If not, I will simply implement a switch that will meet the business partner's requirement. My apologies in advance if I've offended anyone with my frankness. _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Blocking at firewall via MAC address, (continued)
- Re: Blocking at firewall via MAC address Patrick Darden (Dec 15)
- Re: Blocking at firewall via MAC address Paul Robertson (Dec 16)
- Re: Blocking at firewall via MAC address black (Dec 15)
- Re: Blocking at firewall via MAC address B. Scott Harroff (Dec 15)
- Re: Blocking at firewall via MAC address Stephen P. Berry (Dec 16)
- Re: Blocking at firewall via MAC address Mark Brown (Dec 17)
- Re: Blocking at firewall via MAC address R. DuFresne (Dec 16)
- Re: Blocking at firewall via MAC address B. Scott Harroff (Dec 16)
- Re: Blocking at firewall via MAC address Ryan McBride (Dec 17)
- Re: Blocking at firewall via MAC address Paul Cardon (Dec 17)
- Re: Blocking at firewall via MAC address David Lang (Dec 17)
- Re: Blocking at firewall via MAC address Patrick Darden (Dec 15)
- Re: Blocking at firewall via MAC address Patrick Darden (Dec 17)
- potential network attacks Daniel Handley (Dec 14)
- Re: potential network attacks black (Dec 15)
- Re: potential network attacks Paul Robertson (Dec 16)