>> Please excuse me if this is a stupid counter question,
>> but isn't this what ethers(5) is for?
>
> Not really - you could use it as input to a handrolled script if you
> wanted, but the main purpose of that file is to look up addresses/names
> for ether_ntohost()/ether_hostton().
>
> Like Claudio, if I needed this I'd add ! commands in hostname.if.
>
> Usually the only place I'd do MAC enforcement (and then only rarely)
> would be on switches though.

At this point it is better to enforce MAC constraints in pf.conf than to lose portability (changing hardware, etc.) by enforcing MAC in hostname.if, in my opinion.

--
Daniele Bonini

