Hi Graham,
First, I use "Network tab -> DNS Forwarder & DHCP Server: { Configure DNS Hosts
}" for all my setups. It adds to the /etc/hosts file and optionally configures
dnsmasq if a MAC address is defined. This is all done via the STATICHOSTS
variable automatically defined via the /admin/dns
Hello Lonnie,
I like the CIDR idea!
Up until now I had always had the PC's as fixed IP.
But I didn't think that they could simply change to DHCP to get around my
controls.
(I think I actually have the reverse of what you mentioned)
The workers PC's have fixed IP's and shouldn't be accessing the
Graham,
So you want to define who is allowed, not who is disallowed. One method would
be to allow the accepted hosts before denying all the rest.
I would use the...
Network tab -> DNS Forwarder & DHCP Server: { Configure DNS Hosts }
to map the MAC address to IP address via DHCP, so all the 'g
Thanks Lonnie,
that's a nice way of blocking _all_ the traffic.
But I lied - I don't want to stop _everybody_ getting to the Internet, just
those that I say can't. And some of those that I want to allow are in the same
DHCP block as those that I want to block.
And because this is DHCP I'm neve
Yes, an AIF plugin would be the way to do this.
An alternative quick and dirty method would be to add something like this to
the AIF custom-rules script:
-- /mnt/kd/arno-iptables-firewall/custom-rules --
# Put any custom (iptables) rules here down below:
#
Sounds like a great idea for a firewall plugin. Doesn't the adaptive ban
firewall run a script that wakes up every 90 seconds or so and check for
bad things? You could create a plugin script like that wakes up every 5
minutes say, checks for rules to add or remove, does it thing and goes back
to
Hello All,
I've been working on this for a while and have a very crude system working with
cron job scripts creating various dnsmasq.static files and restarting dnsmasq,
but I think there has to be a better way and one that can be made part of the
GUI.
There was some discussion (Lonnie) about
