Firewall Wizards mailing list archives

MAC blocking


From: "Eric Appelboom" <eric () mweb com>
Date: Fri, 25 Nov 2005 17:34:03 +0200

Hi

I would like to whitelist known MAC addresses on a subnet and block\deny
any new MACs.
If a new MAC is seen, the firewall should not allow that MAC to pass
traffic out that segment\VLAN.
A similar concept to MAC address locking on Wi-Fi APs.

It would be great to have this as a feature on a protected segment of a
firewall.

One could script a diff on files containing ARP entries and then ARP
poison the IP associated with the new MAC (not the correct way) or spoof
or bind the offending MAC with ifconfig\macmakeup\SMAC and bind it to a
secondary interface.

Any better ideas?   (no 802.1x NAC\NAP please)

Regards
Eric
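
Added example, not part of the original post: the "diff on files containing ARP entries" step written as a detection check that compares a Linux `/proc/net/arp` snapshot against a MAC allowlist. The function names, the allowlist layout (MAC to expected IP) and the sample table are assumptions constructed for illustration.

```python
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

def normalise_mac(mac):
    """Lower-case and accept ':' or '-' separators; return None if not a MAC."""
    mac = mac.strip().lower().replace("-", ":")
    return mac if MAC_RE.match(mac) else None

def parse_arp_table(text):
    """Parse /proc/net/arp-style text into a list of (ip, mac, device)."""
    entries = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac, dev = fields[0], fields[2], normalise_mac(fields[3]), fields[5]
        # Flags 0x0 marks an incomplete entry (no reply yet); its MAC is all zeros.
        if mac is None or int(flags, 16) == 0 or mac == "00:00:00:00:00:00":
            continue
        entries.append((ip, mac, dev))
    return entries

def audit(arp_text, allowlist):
    """Return (unknown, moved): MACs not allowlisted, and allowlisted MACs on another IP."""
    allowed = {normalise_mac(m): ip for m, ip in allowlist.items()}
    unknown, moved = [], []
    for ip, mac, dev in parse_arp_table(arp_text):
        if mac not in allowed:
            unknown.append((ip, mac, dev))
        elif allowed[mac] != ip:
            moved.append((ip, mac, dev))
    return unknown, moved

# Constructed sample data (documentation IP range, locally administered MACs).
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         02:00:00:aa:00:01     *        eth1
192.0.2.10       0x1         0x2         02:00:00:AA:00:10     *        eth1
192.0.2.66       0x1         0x2         02:00:00:bb:00:66     *        eth1
192.0.2.77       0x1         0x0         00:00:00:00:00:00     *        eth1
192.0.2.20       0x1         0x2         02:00:00:aa:00:11     *        eth1
"""
ALLOWLIST = {"02-00-00-AA-00-01": "192.0.2.1", "02:00:00:aa:00:10": "192.0.2.10",
             "02:00:00:aa:00:11": "192.0.2.11"}

if __name__ == "__main__":
    for label, rows in zip(("unknown MAC", "allowlisted MAC on unexpected IP"), audit(SAMPLE_ARP, ALLOWLIST)):
        print(label, rows)
```

This check only reports what the ARP cache shows; it does not block traffic, and a host presenting an allowlisted MAC will pass it.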