Re: Packet Filtering to Stop DCHP

On Fri, 13 Dec 2002, Mike Woods wrote:

> I'm looking for information on using packet filtering to selectively block

this is getting to be a classic. so here we go:

did you search the archives? if so, please tell us what you searched for so as to avoid the usual "STFA"

pf does not (and probably will never) do mac filtering. you can use a bridge to do this though. see the brconfig manpage.

configure dhcpd to ignore unknown clients?

since mac addresses are pretty easy to spoof/change, you may want to use some other form of protection. have a look at authpf, or consider using some form of vpn. then your location has little bearing on your authorization - only your identity does.

if you don't mind my asking, what is the real problem you're trying to solve?

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related openbsd.org Links advocacy announce bugs ipv6 misc ports ports-changes security-announce smp source-changes tech Request more information about Pantek

CK

-- 
Chris Kuethe, GCIA CISSP: Secure Systems Specialist - U of A CNS
      office: 157 General Services Bldg.    +1.780.492.8135
              chris.kuethe@[pyxis.cns.]ualberta.ca

No trees were destroyed in the sending of this contaminant free message; we
do concede a significant number of electrons may have been inconvenienced.