FF - Frame Filter for OpenBSD
The idea is - compare mac addresses and IP address (listed in a hash table for quick lookups) If there is no entry drop the frame... otherwise let the frame get decapusluted further up the stack.... well thats the idea... shouldn;t be too tricky (in theory.... haven;t looked at any code yet though) This would not be apart of PF - as from what I have read the PF guys don't want MAC address filtering within PF... I suppose packet filtering doesn't include frames as it is too low a level..... thats why its called packet filter? We all know mac addrs and IP addrs can be spoofed with no problems... but some still want to lock IP addresses to MAC addrs Example scenario.... one of my friends runs a dedicated hosting company.... the users have full root access to each box..... the company wishes to tie IP addrs to mac addrs so that each box on the network can not allocate IP addresses to itself..... the only way i can see this working is by doing MAC address filtering..... comments, ideas, flames? Cheers Steve Jones [EMAIL PROTECTED]
