don't rely on mac address only can do mac spoofing! use something like captive portal and shedule it for out of office only
Le 11/11/2010 10:03, Graham S. Jarvis a écrit : > Hello All, > > As if you haven't been hearing enough from me recently - here another "nearly > newbie" question: > > I want to stop people on one of my interfaces (you guessed it - eth2/lan2) > from > connecting to the Ethernet outside of office hours. > I don't know if it would be better to block by IP or MAC - Most users are > using > DHCP so I could block the whole dhcp-range. But at least one user knows what > they are doing and could reset their PC with a fixed IP. I would notice if > this > happens but in order to block them again I would be chasing them through the > network and at some point they are going to pick an IP that conflicts with > something important. With the MAC I know which PC/User it is and "basta" they > are blocked. > > I thought one way to do this is set up the mac-address-filter firewall plugin > and then have a cron job to switch the mac-address file and restart the > firewall. > > So my questions are: > > 1. What does this mean: > # Specify here the port(s) you want to SSH checks to apply to > # > ------------------------------------------------------------------------------ > MAC_ADDRESS_IF="$INT_IF" > > "... you want to SSH checks to apply to" ??? > Why SSH? > Does this plugin _only_ stop SSH? > > If so, why should anyone only want to stop SSH by mac address? > And, if it is only dropping port 22 traffic it should be possible to "hack" > the > script so that this plugin checks/blocks all ports. > Could someone [Lonnie again? :-)] tell me where this plugin script file is > located please. > > Thanks in advance, > > -Graham- > > > > ------------------------------------------------------------------------------ > Centralized Desktop Delivery: Dell and VMware Reference Architecture > Simplifying enterprise desktop deployment and management using > Dell EqualLogic storage and VMware View: A highly scalable, end-to-end > client virtualization framework. Read more! > http://p.sf.net/sfu/dell-eql-dev2dev > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > -- Meftah Tayeb inum: +883510001288000 Phone: +13602276297 Fax: +12538020313 ------------------------------------------------------------------------------ Centralized Desktop Delivery: Dell and VMware Reference Architecture Simplifying enterprise desktop deployment and management using Dell EqualLogic storage and VMware View: A highly scalable, end-to-end client virtualization framework. Read more! http://p.sf.net/sfu/dell-eql-dev2dev _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
