Actually, as I mentioned in my original post. I did that already. It does work when the workstations and the DHCP server are on the same subnet, but it doesn't work when they are on different subnets and the packets go through a router on the way. The packet picks up the MAC address of the router port, so the iptables rule does not catch it.
Brent. >>> [EMAIL PROTECTED] 9/11/2003 5:22:13 PM >>> On Thu, Sep 11, 2003 at 04:24:55PM -0500, Brent Herring wrote: > Actually, I'm using the dhcpd from www.isc.org. > > If I understand correctly, the configuration below would statically IP > addresses to the specified MAC addresses. I still want to assign IP > addresses dynamically since I have thousands of workstations to deal > with. > > Simply put I would like the server to DROP all requests for IP > addresses unless it is from MAC addresses that I have specified. Iptables can do this at the packet level. Write a rule that denies all dhcp requests on the port in question except for defined MAC addresses using the -m --match MAC option. Should work as long as the MAC address has not already been stripped out upstream. -- Jack Bowling mailto: [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
