Re: DHCP related problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The ISC DHCP server has some hooks (see man) that can notify you of a lease.
Those events could drive a script that modifies you firewall rules.

/B


----- Original Message ----- 
From: "PiSiC..." <pisic@xxxxxxxxxxxxxxxxx>
To: <mattgrogan@xxxxxxxxxxx>; <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, June 17, 2003 06:43
Subject: Re: DHCP related problem


> I see that i wasn't very explicit...
> so... what i have: i have 12 stations in my LAN. I have set up DHCP with
> FixedAdress for those.
> I work in a computers service and i have a variable number of machines
that
> come and go .
> I set up a pool for those fixed address computers and another one for
> unknown clients which is more restrictive.
> To get to my problem ... I want to drop anyone who sets his IP address and
> GW etc. staticaly.
> I want to let them access only if they request their address by DHCP.
> Any hints ?
>
> Thanks in advance ,
>
>                 Danila Octavian
>
>
> ----- Original Message -----
> From: "Matt Grogan" <mattgrogan@xxxxxxxxxx>
> To: "'PiSiC...'" <pisic@xxxxxxxxxxxxxxxxx>;
<netfilter@xxxxxxxxxxxxxxxxxxx>
> Sent: Tuesday, June 17, 2003 2:24 PM
> Subject: RE: DHCP related problem
>
>
> > You could set up DHCP with a smaller set of addresses, for example
> > x.x.x.100- x.x.x.110 if you only have 10 workstations. Then drop
> everything
> > accessing the Internet except for those source addresses.
> >
> > If you want to go further than that, like stop someone from getting
their
> > information from DHCP and then statically defining it and keeping that
> > address, it gets a little more involved. Maybe reducing the lease time
and
> > scripting to check that all the stations in the DHCP range are also in
the
> > list of DHCP clients on the server would help.
> >
> > Matt Grogan
> >
> > ________________________________________
> > From: netfilter-admin@xxxxxxxxxxxxxxxxxxx
> > [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of PiSiC...
> > Sent: Tuesday, June 17, 2003 4:31 AM
> > To: netfilter@xxxxxxxxxxxxxxxxxxx
> >
> > Hi all,
> >
> > I want to ask you something... You know a possibility to drop outgoing
> > traffic of clients who define their address staticaly instead of using
my
> > DHCP server ?
> > I also want to allow outgoing access to those who have their IP address
> > given by my DHCP server.
> >
> > Thank you in advance,
> > Danila Octavian
> >
> >
>
>



[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux