Re: checking the not allowed changing of IP's
On Mon, Oct 15, 2001 at 11:49:19PM +0200, Imran Geriskovan wrote:
> We use DHCP in our LAN.
> I wonder if I can block any traffic generated by any
> local computer which did NOT get its IP from DHCP server.
> (DHCP server and gateway/firewall are on the same box)
> Any ideas?

You could write scripts to add/delete firewall rules when
certain "events" happen to the DHCP server. I think ISC dhcp
supports this sort of thing. Check the man page.

The idea is that when the DHCP server hands out a lease to a
certain machine, your script gets run to add a rule allowing
'Net access. When the lease expires, the DHCP server calls your
script to remove the rule.

Also, if you have a small enough number of machines on your LAN,
you could build up a list of the machines/MAC addresses and use
arpwatch to see when someone's changed their IP address. Then
go and tell them not to.
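
The lease-event approach described in the reply above, as an added example that is not part of the original post. It assumes ISC dhcpd's "on commit/release/expiry" events calling execute(), and iptables with the mac match as the firewall; the chain name, script path and state directory are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: firewall hook for DHCP lease events.
# Assumed dhcpd.conf wiring (ISC dhcpd on commit/release/expiry + execute()):
#   on commit { execute("/usr/local/sbin/lease-fw.sh", "commit", <ip>, <mac>); }
#   on expiry { execute("/usr/local/sbin/lease-fw.sh", "expiry", <ip>); }
# Assumed firewall: LAN forwarding drops by default and FORWARD jumps to CHAIN.
CHAIN="${CHAIN:-DHCP_OK}"            # hypothetical chain name
STATE="${STATE:-/var/run/lease-fw}"  # hypothetical dir: one file per IP, holds MAC
IPT="${IPT:-iptables}"

valid_ip() {    # strict dotted quad, each octet 0-255
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(printf '%s\n' "$1" | tr . ' '); do [ "$o" -le 255 ] || return 1; done
}

norm_mac() {    # "0:1A:2b:3:4:5" -> "00:1a:2b:03:04:05"; fails on anything else
    printf '%s\n' "$1" | awk -F: 'NF != 6 { exit 1 }
        { out = ""
          for (i = 1; i <= 6; i++) {
              o = tolower($i)
              if (o !~ /^[0-9a-f][0-9a-f]?$/) exit 1
              out = out (i > 1 ? ":" : "") (length(o) == 1 ? "0" o : o)
          }
          print out }'
}

allow() {       # args: ip mac; lease renewals must not stack duplicate rules
    "$IPT" -C "$CHAIN" -s "$1" -m mac --mac-source "$2" -j ACCEPT 2>/dev/null ||
    "$IPT" -A "$CHAIN" -s "$1" -m mac --mac-source "$2" -j ACCEPT
}

revoke() {      # arg: ip; expiry carries no client packet, so use the stored MAC
    [ -f "$STATE/$1" ] || return 0
    "$IPT" -D "$CHAIN" -s "$1" -m mac --mac-source "$(cat "$STATE/$1")" -j ACCEPT
    rm -f "$STATE/$1"
}

lease_event() { # args: event ip [mac]; arguments are validated before use
    valid_ip "$2" || { echo "bad ip" >&2; return 2; }
    mkdir -p "$STATE" || return 1
    case "$1" in
        commit) mac=$(norm_mac "$3") || { echo "bad mac" >&2; return 2; }
                [ "$(cat "$STATE/$2" 2>/dev/null)" = "$mac" ] || revoke "$2"
                allow "$2" "$mac" && echo "$mac" > "$STATE/$2" ;;
        release|expiry) revoke "$2" ;;
        *) echo "unknown event: $1" >&2; return 2 ;;
    esac
}
[ $# -eq 0 ] || lease_event "$@"
```

Matching on source MAC ties each rule to the address pair the server leased, but a local host can still set both values itself, so the arpwatch monitoring mentioned in the reply remains useful alongside it.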