On Wed, May 23, 2012 at 10:39 AM, Tom Eastep <[email protected]> wrote:
> On 05/23/2012 08:06 AM, Lee Brown wrote:
> > Hello everybody,
> >
> > Is there a tool that can, for a new connection, verify that the RFC1918
> > IP matches what was assigned by DHCP? (firewall gateway with DHCP for
> > inside clients, to a few ISPs on the outside)
> > The obvious effect would be to block traffic for self-assigned IP
> > addresses.
> >
> > My flailing around on google has yielded nothing helpful. I'm not the
> > best at guessing good search terms, so please feel free to throw those
> > at me.
>
> http://www.shorewall.net/MAC_Validation.html

I'm sorry Tom, but I don't understand how the leases assigned from the DHCP
server automatically add MACs it has given an address out to, nor remove
MACs for expired leases.

If I understand the example correctly, that is essentially accepting
traffic from a fixed list; maclist is a static filter, correct?

Maybe an example would help clarify:

My firewall/gateway/DHCP server is at 10.10.10.1.
Guest1 plugs in their laptop and the DHCP server assigns, say, 10.10.10.10 to 00:01:02:03:04:05 for 1 hour.
Guest2 plugs in their laptop and self-assigns themselves 10.10.10.11 as 00:11:22:33:44:55.
Firewall should forward traffic from 10.10.10.10/00:01:02:03:04:05.
Firewall should block traffic from 10.10.10.11/mac not really relevant.
Guest1 unplugs their laptop and walks away. A little under an hour later, firewall blocks traffic from 10.10.10.10.

>
> -Tom
> --
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
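
Added example, not part of the original message or of Shorewall: one way to get the behaviour described in the Guest1/Guest2 scenario is to rebuild the allowed IP/MAC pairs from the DHCP server's live leases. It assumes dnsmasq's lease-file layout and a hypothetical inside interface eth1; the sample leases are constructed.

```python
# Constructed sample in dnsmasq's lease-file layout (assumed; the thread does
# not name the DHCP server): "<expiry-epoch> <mac> <ip> <hostname> <client-id>"
SAMPLE_LEASES = """\
1337800000 00:01:02:03:04:05 10.10.10.10 guest1 *
1337790000 00:0a:0b:0c:0d:0e 10.10.10.12 old-guest *
"""


def active_leases(lease_text, now):
    """Return {ip: mac} for leases that have not expired at time `now`."""
    leases = {}
    for line in lease_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or not fields[0].isdigit():
            continue  # skip blank, malformed or non-lease lines
        expiry, mac, ip = int(fields[0]), fields[1].lower(), fields[2]
        # dnsmasq records an expiry of 0 for infinite leases
        if expiry == 0 or expiry > now:
            leases[ip] = mac
    return leases


def verdict(src_ip, src_mac, leases):
    """ACCEPT only when the source IP holds a live lease for this exact MAC."""
    return "ACCEPT" if leases.get(src_ip) == src_mac.lower() else "DROP"


def maclist_lines(leases, interface="eth1"):
    """Render live leases as maclist rows: DISPOSITION INTERFACE MAC IP.

    `interface` is a hypothetical name for the inside interface.
    """
    return ["ACCEPT\t%s\t%s\t%s" % (interface, mac, ip)
            for ip, mac in sorted(leases.items())]


if __name__ == "__main__":
    now = 1337796000  # constructed "current time" between the two expiries
    live = active_leases(SAMPLE_LEASES, now)
    print("\n".join(maclist_lines(live)))
    # Guest1: leased address and matching MAC
    print(verdict("10.10.10.10", "00:01:02:03:04:05", live))
    # Guest2: self-assigned address, no lease on record
    print(verdict("10.10.10.11", "00:11:22:33:44:55", live))
    # Guest1 after the lease has run out
    expired = active_leases(SAMPLE_LEASES, 1337800001)
    print(verdict("10.10.10.10", "00:01:02:03:04:05", expired))
```

The generated rows have to be rebuilt on each lease change or on a timer so that expired leases drop out. A client that copies a leased IP/MAC pair still passes, so this filters self-assigned addresses rather than authenticating guests.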