Yeah.. and my openbsd box is the router. I have 2 qfe cards in it. I'm just wanting a way to where I can ensure (dosn't have to be 100% mind you) that only some people can get through the box. The DHCP server only gives out static IP Addresses, according to the MAC Address.
I don't want to spend a bunch of time making it 100% secure, but I'm wanting to accomplish two main things. Control access a little, and make sure that someone dosn't give their machine a static IP Address and do network traffic through the router. Just a little pre-filtering to stop the ignorant people, and the wanna-be hackers. -Shawn -----Original Message----- From: Stefan Sonnenberg-Carstens [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 9:12 AM To: Shawn Mitchell; [EMAIL PROTECTED] Subject: Re: PF MAC Filter No, it is not possible. And you should remember that a setup like that can cut you off by mistake; everyone who had to deal with a Fw-1 and the f***ng arp-cache should know ... And another thing : In Ethernet terms, you can only see MAC's on your ethernet segment (eg a router,switch) etc, so if you a have a router in front of your pf firewall, MAC filterering can only make sure, that this is the router your are dealing with. As far as I remember, you will never see the MAC's of hosts BEFORE the router. So to mee it seems only like some anti-spoofing techniq with limited ability; Are you sure you want that ? Perhaps you should specify your intention a bit clearer. ----- Original Message ----- From: "Shawn Mitchell" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, February 26, 2003 10:26 AM Subject: PF MAC Filter > > Is it possable to specify a MAC Address filter? > > And just to go ahead and cut off the trolls on MAC Filtering... I know you > can change your MAC address. I don't care that you can. I'm wanting to > place a few filters that will stop 98% of the people out there, and put > something in place to where I can force an IP Address to be used only by a > specified network interface. > > >
