At 15:40 9/11/2003 -0500, you wrote:
I used iptables rules to ACCEPT requests to the DHCP server only from
the known MAC address(es) and this works fine for workstations on the
same subnet as the DHCP server. However, when I expand the service to
multiple subnets across a router the DHCP request packet comes through
with the MAC address of the router port so my iptables rule does not
stop it.

This will always happen, and I know of no way to stop it. The package will come to you with the MAC address of the router.


In case you're wondering, the reason I'm trying to do this is to
prevent people from bringing their virus infected laptops onto campus and
having them start broadcasting all over our nice clean network.

"To a man with a hammer, everything looks like a nail."


I suggest that if this is your concern, you will be better served with a package that picks up Undesirable Activity (tm) and then blocks off this user at the switch or router level. Denying him/her a DHCP address is a band-aid, at best.

I do some of this in a simple way using a combination of Portsentry and Shorewall, but really what the doctor ordered is something like Snort (www.snort.org), don't you think?


-- Rodolfo J. Paiz [EMAIL PROTECTED]
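The point made above about relayed DHCP, illustrated as an added example that is not code from this thread: once a DHCP relay (or a router acting as one) forwards a DHCPDISCOVER, the Ethernet source address an `iptables -m mac --mac-source` rule sees is the relay's, but the client's own hardware address still travels inside the DHCP payload in the BOOTP `chaddr` field, with `giaddr` and `hops` marking that a relay was involved. The packet bytes, MAC addresses and allowlist below are constructed test data, not captured traffic.

```python
"""Parse the client hardware address (chaddr) out of a DHCP/BOOTP packet.

Added example, not code from the original thread. It shows why an
Ethernet-level MAC match stops working behind a DHCP relay while the
client MAC carried in the DHCP payload survives the relay hop.
All packet contents below are constructed, not captured.
"""
import struct
from ipaddress import IPv4Address

BOOTP_HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")  # 236-byte fixed header
MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_MESSAGE_TYPE = 53
OPT_END = 255


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_discover(client_mac: str, giaddr: str = "0.0.0.0",
                   hops: int = 0, xid: int = 0x3903F326) -> bytes:
    """Construct a minimal DHCPDISCOVER (constructed test data).

    A relay agent sets giaddr to its own interface address and bumps hops,
    but leaves chaddr (the client's MAC) untouched.
    """
    zero_ip = IPv4Address("0.0.0.0").packed
    header = BOOTP_HEADER.pack(
        1, 1, 6, hops, xid, 0, 0x8000,                 # op=BOOTREQUEST, Ethernet, broadcast flag
        zero_ip, zero_ip, zero_ip, IPv4Address(giaddr).packed,
        mac_bytes(client_mac).ljust(16, b"\x00"),      # chaddr is a 16-byte field
        b"\x00" * 64, b"\x00" * 128,                   # sname, file
    )
    options = bytes([OPT_MESSAGE_TYPE, 1, 1, OPT_END])  # option 53 = DHCPDISCOVER
    return header + MAGIC_COOKIE + options


def parse_dhcp(packet: bytes) -> dict:
    """Return the fields a DHCP-level admission policy would look at."""
    if len(packet) < BOOTP_HEADER.size + len(MAGIC_COOKIE):
        raise ValueError("packet too short for BOOTP header")
    (op, htype, hlen, hops, xid, _secs, _flags, _ciaddr, _yiaddr, _siaddr,
     giaddr, chaddr, _sname, _file) = BOOTP_HEADER.unpack_from(packet)
    if packet[BOOTP_HEADER.size:BOOTP_HEADER.size + 4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    if htype != 1 or hlen != 6:
        raise ValueError(f"unsupported hardware type {htype}/{hlen}")
    # Walk the TLV option list to find the message type (option 53).
    msg_type = None
    pos = BOOTP_HEADER.size + 4
    while pos < len(packet):
        code = packet[pos]
        if code == OPT_END:
            break
        if code == 0:          # pad option has no length byte
            pos += 1
            continue
        length = packet[pos + 1]
        value = packet[pos + 2:pos + 2 + length]
        if code == OPT_MESSAGE_TYPE and length == 1:
            msg_type = value[0]
        pos += 2 + length
    return {
        "op": op,
        "hops": hops,
        "xid": xid,
        "giaddr": str(IPv4Address(giaddr)),
        "chaddr": mac_str(chaddr[:hlen]),
        "relayed": giaddr != b"\x00\x00\x00\x00",
        "msg_type": msg_type,
    }


def allowed_by_ethernet_src(eth_src: str, allowlist: set) -> bool:
    """What an Ethernet-level MAC match effectively evaluates: the frame's
    source address, which behind a relay is the router's, not the client's."""
    return eth_src.lower() in allowlist


def allowed_by_chaddr(packet: bytes, allowlist: set) -> bool:
    """Policy on the DHCP payload: chaddr is preserved across the relay."""
    return parse_dhcp(packet)["chaddr"] in allowlist


if __name__ == "__main__":
    allow = {"00:11:22:33:44:55"}                       # constructed allowlist
    router_mac = "aa:bb:cc:dd:ee:ff"                    # constructed relay/router MAC
    relayed = build_discover("00:11:22:33:44:55", giaddr="192.168.2.1", hops=1)
    print(parse_dhcp(relayed))
    print("ethernet-src match:", allowed_by_ethernet_src(router_mac, allow))
    print("chaddr match      :", allowed_by_chaddr(relayed, allow))
```

Running it shows the Ethernet-level check failing for the relayed request while the `chaddr` check still matches, which is the check a DHCP server's own host-based policy applies (ISC dhcpd expresses it with `host` declarations and `deny unknown-clients`). The caveat stands as the reply says: `chaddr` is supplied by the client and is no stronger than a MAC-based iptables rule, so it is still a band-aid rather than a substitute for detecting the behaviour and isolating the port.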


-- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list