/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! /* ALSO: Don't quote this header. It makes you look lame :-) */
On Wed, 2001-11-28 at 09:54, Olivier Michel wrote: > a student takes the > network cable out of the computer and plugs it into HIS computer. I do > not want to allow this. > > How could I forbid such behaviour ? The only thing I see is to > associate an IP with the MAC adress of the computer and to refuse a > packet that is coming from an IP adress that does not match the MAC > adress it should have. Is this possible ? I detect the problems with > arpwatch, but I'd also like to reject such bad traffic. Is it possible > to do this using ipchains rules ? (or with netfilter and a 2.4 kernel This could be done using netfilter unde 2.4 (possibly even 2.2, not sure). I don't know of any really clean automated way of doing this under 2.4, but you could manually enter all the MAC addresses of the student workstations. Then rather than allowing your outbound connections based on IP address range of your network, you can allow the traffic based on the MAC addresses. If you would like help in doing something like this, just let me know. Jamin W. Collins _______________________________________________ Masq maillist - [EMAIL PROTECTED] Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING! or email to [EMAIL PROTECTED] PLEASE read the HOWTO and search the archives before posting. You can start your search at http://www.indyramp.com/masq/ Please keep general linux/unix/pc/internet questions off the list.
