Re: Block IP addresses via DHCP ?
On 8/9/05, email@example.com <firstname.lastname@example.org> wrote:
> I use dhcp3d to assign specific hosts in my network fixed IP addresses via MAC. Works fine ...
> But is it possible to "block" an IP if someone tries to manually set up an IP address on his host?
> E.g. dhcpd will assign 192.168.1.1 to the MAC 00:11:22:33:44:55:66.
> Someone else is trying to set up the IP 192.168.1.1 on his host and should get the message that the IP is already in use ...
There are several ways to block folks who haven't gone through
whatever activation process you require.
You can have something monitor the logs for dhcpd and upon a
successful IP assignment, add a rule to the FORWARD chain to allow
traffic with that host (specify IP and MAC in the added rules so
someone would have to spoof both). You would need to set up some kind
of timeout to let those rules die, or remove the rules upon heartbeat
ping fail/MAC address change.
Especially if your network is wireless and even if it isn't, consider
a captive portal. The most popular is nocat.net, but a quick
Google/Wikipedia search would yield many more to evaluate.
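
The log-watching approach described in the reply above, sketched as an added example that is not part of the original message: it parses ISC dhcpd DHCPACK syslog lines and returns the iptables FORWARD rules to add or delete, covering the timeout and MAC-change cases. The class name `LeaseGate`, the TTL value and the sample log lines are assumptions constructed for illustration.

```python
import re

# ISC dhcpd syslog format: "dhcpd: DHCPACK on <ip> to <mac> [(hostname)] via <iface>".
# Anchoring on the daemon tag keeps other message types from being read as an ACK.
ACK_RE = re.compile(
    r"dhcpd(?:\[\d+\])?: DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"to (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) ", re.I)

def rule(action, ip, mac):
    """iptables argv that accepts forwarded traffic only when IP and MAC both match."""
    return ["iptables", action, "FORWARD", "-s", ip,
            "-m", "mac", "--mac-source", mac, "-j", "ACCEPT"]

class LeaseGate:  # hypothetical helper, not part of dhcpd or iptables
    def __init__(self, ttl):
        self.ttl = ttl      # seconds a rule lives without a fresh DHCPACK
        self.active = {}    # ip -> (mac, expiry time)

    def on_log_line(self, line, now):
        """Return the iptables commands this log line calls for."""
        m = ACK_RE.search(line)
        if not m:
            return []
        ip, mac = m["ip"], m["mac"].lower()
        cmds, old = [], self.active.get(ip)
        if old and old[0] != mac:       # MAC changed: remove the old pairing
            cmds.append(rule("-D", ip, old[0]))
            old = None
        if old is None:
            cmds.append(rule("-A", ip, mac))
        self.active[ip] = (mac, now + self.ttl)  # a renewal only extends the expiry
        return cmds

    def expire(self, now):
        """Return delete commands for rules whose timeout has passed."""
        cmds = []
        for ip, (mac, expiry) in list(self.active.items()):
            if expiry <= now:
                cmds.append(rule("-D", ip, mac))
                del self.active[ip]
        return cmds

# Constructed sample log lines (not from the original message).
SAMPLE = [
    "Aug  9 10:00:01 gw dhcpd: DHCPACK on 192.168.1.10 to 00:11:22:33:44:55 via eth1",
    "Aug  9 10:00:05 gw dhcpd: DHCPDISCOVER from 00:aa:bb:cc:dd:ee via eth1",
    "Aug  9 10:05:01 gw dhcpd: DHCPACK on 192.168.1.10 to 00:11:22:33:44:55 via eth1",
]
```

The returned argv lists are meant to be run by a privileged wrapper; the FORWARD chain needs a default DROP policy (or a final DROP rule) for the ACCEPT entries to have any effect.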