On Jul 26, 2011, at 3:44 AM, Yavuz Maşlak wrote: > I use pf on freebsd as packet filter. > > I have a wireless area. The users get to the internet using automatic ip > from the dhcp server. > I wish to deny to assign a static ip address by manual.
You can't prevent someone from doing manual configuration. If you were connecting via a smart switch, you can configure MAC address filtering on each of the switch ports and then use DHCPd to only assign each MAC to the right range or static IP, and then use an IP-based firewall to control traffic from there. If a user tried to spoof some other MAC, the switch would block such traffic. However, with wireless, nothing prevents the users from spoofing other MACs. Regards, -- -Chuck _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[email protected]"
