don't rely on mac address only
can do mac spoofing!
use something like captive portal and shedule it for out of office only

Le 11/11/2010 10:03, Graham S. Jarvis a écrit :
> Hello All,
>
> As if you haven't been hearing enough from me recently - here another "nearly
> newbie" question:
>
> I want to stop people on one of my interfaces (you guessed it - eth2/lan2) 
> from
> connecting to the Ethernet outside of office hours.
> I don't know if it would be better to block by IP or MAC - Most users are 
> using
> DHCP so I could block the whole dhcp-range.  But at least one user knows what
> they are doing and could reset their PC with a fixed IP.  I would notice if 
> this
> happens but in order to block them again I would be chasing them through the
> network and at some point they are going to pick an IP that conflicts with
> something important.  With the MAC I know which PC/User it is and "basta" they
> are blocked.
>
> I thought one way to do this is set up the mac-address-filter firewall plugin
> and then have a cron job to switch the mac-address file and restart the 
> firewall.
>
> So my questions are:
>
> 1. What does this mean:
> # Specify here the port(s) you want to SSH checks to apply to
> # 
> ------------------------------------------------------------------------------
> MAC_ADDRESS_IF="$INT_IF"
>
> "... you want to SSH checks to apply to" ???
> Why SSH?
> Does this plugin _only_ stop SSH?
>
> If so, why should anyone only want to stop SSH by mac address?
> And, if it is only dropping port 22 traffic it should be possible to "hack" 
> the
> script so that this plugin checks/blocks all ports.
> Could someone [Lonnie again? :-)] tell me where this plugin script file is
> located please.
>
> Thanks in advance,
>
> -Graham-
>
>
>
> ------------------------------------------------------------------------------
> Centralized Desktop Delivery: Dell and VMware Reference Architecture
> Simplifying enterprise desktop deployment and management using
> Dell EqualLogic storage and VMware View: A highly scalable, end-to-end
> client virtualization framework. Read more!
> http://p.sf.net/sfu/dell-eql-dev2dev
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to 
> pay...@krisk.org.
>    


-- 
Meftah Tayeb
inum: +883510001288000
Phone: +13602276297
Fax: +12538020313


------------------------------------------------------------------------------
Centralized Desktop Delivery: Dell and VMware Reference Architecture
Simplifying enterprise desktop deployment and management using
Dell EqualLogic storage and VMware View: A highly scalable, end-to-end
client virtualization framework. Read more!
http://p.sf.net/sfu/dell-eql-dev2dev
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.

Reply via email to