From: "David Busby" <busby@pnts.com>
To: "PiSiC..." <pisic@service.agress.ro>,
mattgrogan@bigfoot.com, netfilter@lists.netfilter.org
Subject: Re: DHCP related problem
Date: Tue, 17 Jun 2003 09:58:01 -0700 [thread overview]
Message-ID: <066501c334f1$a4cee110$1100000a@busbydev> (raw)
In-Reply-To: 000901c334d6$62853a90$c80da8c0@pisic
The ISC DHCP server has some hooks (see man) that can notify you of a lease.
Those events could drive a script that modifies you firewall rules.
/B
----- Original Message -----
From: "PiSiC..." <pisic@service.agress.ro>
To: <mattgrogan@bigfoot.com>; <netfilter@lists.netfilter.org>
Sent: Tuesday, June 17, 2003 06:43
Subject: Re: DHCP related problem
> I see that i wasn't very explicit...
> so... what i have: i have 12 stations in my LAN. I have set up DHCP with
> FixedAdress for those.
> I work in a computers service and i have a variable number of machines
that
> come and go .
> I set up a pool for those fixed address computers and another one for
> unknown clients which is more restrictive.
> To get to my problem ... I want to drop anyone who sets his IP address and
> GW etc. staticaly.
> I want to let them access only if they request their address by DHCP.
> Any hints ?
>
> Thanks in advance ,
>
> Danila Octavian
>
>
> ----- Original Message -----
> From: "Matt Grogan" <mattgrogan@nyc.rr.com>
> To: "'PiSiC...'" <pisic@service.agress.ro>;
<netfilter@lists.netfilter.org>
> Sent: Tuesday, June 17, 2003 2:24 PM
> Subject: RE: DHCP related problem
>
>
> > You could set up DHCP with a smaller set of addresses, for example
> > x.x.x.100- x.x.x.110 if you only have 10 workstations. Then drop
> everything
> > accessing the Internet except for those source addresses.
> >
> > If you want to go further than that, like stop someone from getting
their
> > information from DHCP and then statically defining it and keeping that
> > address, it gets a little more involved. Maybe reducing the lease time
and
> > scripting to check that all the stations in the DHCP range are also in
the
> > list of DHCP clients on the server would help.
> >
> > Matt Grogan
> >
> > ________________________________________
> > From: netfilter-admin@lists.netfilter.org
> > [mailto:netfilter-admin@lists.netfilter.org] On Behalf Of PiSiC...
> > Sent: Tuesday, June 17, 2003 4:31 AM
> > To: netfilter@lists.netfilter.org
> >
> > Hi all,
> >
> > I want to ask you something... You know a possibility to drop outgoing
> > traffic of clients who define their address staticaly instead of using
my
> > DHCP server ?
> > I also want to allow outgoing access to those who have their IP address
> > given by my DHCP server.
> >
> > Thank you in advance,
> > Danila Octavian
> >
> >
>
>
prev parent reply other threads:[~2003-06-17 16:58 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-06-17 8:30 DHCP related problem PiSiC...
2003-06-17 11:24 ` Matt Grogan
2003-06-17 12:46 ` Julian Gomez
2003-06-17 13:43 ` PiSiC...
2003-06-17 16:58 ` David Busby [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='066501c334f1$a4cee110$1100000a@busbydev' \
--to=busby@pnts.com \
--cc=mattgrogan@bigfoot.com \
--cc=netfilter@lists.netfilter.org \
--cc=pisic@service.agress.ro \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.