[juneau-lug] Re: access control for wired devices
- From: James Zuelow <James.Zuelow@xxxxxxxxxx>
- To: "juneau-lug@xxxxxxxxxxxxx" <juneau-lug@xxxxxxxxxxxxx>
- Date: Wed, 4 May 2016 23:57:49 +0000
If I set up DHCP on my server, instead of on the modem/router, could I
prevent unwanted MAC's from connecting?
You can prevent a particular MAC from getting an address or you could ensure
that those particular MAC addresses get particular IP addresses and then treat
that specially.
Any other ideas come to mind?
Does your guest know how to spoof MAC addresses?
You may want to set up known MAC addresses with "good" addresses, and any
unknown MAC addresses go to a local-only subnet, etc.
And, if your guest assigns himself a static IP and gateway that works with your
modem the DHCP server won't help.
So, there are some options:
Perhaps you want to set up a firewall that filters by MAC address. PF (the BSD
firewall) can do this, so if you want a mostly premade firewall a pfSense VM
might be a good download for you. And regular plain jane iptables can do this
on Linux too.
Or, you could set up Squid as a transparent proxy and filter MAC addresses that
way but Squid might be more work than you're after.
James Zuelow
Systems Operations Manager
City and Borough of Juneau – MIS
(907) 586-0236
------------------------------------
The Juneau Linux Users Group --
http://www.juneau-lug.org
This is the Juneau-LUG mailing list.
To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with the
word unsubscribe in the subject header.
Other related posts: