Find the answer to your Linux question:
Results 1 to 3 of 3
Hi, is there any possible way to deny access from static ip address client on dhcp-isc running environment. ? thanks in advance....
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. 09-01-2012 #1
    iryna7
    iryna7 is offline
    Just Joined!
    Join Date
    Sep 2012
    Posts
    2

    deny static ip address on DHCP.

    Hi, is there any possible way to deny access from static ip address client on dhcp-isc running environment. ?

    thanks in advance.
    Reply With Quote Reply With Quote
  2. 09-01-2012 #2
    atreyu
    atreyu is offline
    Trusted Penguin
    Join Date
    May 2011
    Posts
    3,694
    Quote Originally Posted by iryna7 View Post
    Hi, is there any possible way to deny access from static ip address client on dhcp-isc running environment. ?

    thanks in advance.
    if you have a Linux machine functioning as a router on the network, you run a firewall (iptables) and could have it drop all packets originating from all ip addresses except those assigned via DHCP. One way to ensure that you only have "authorized" DHCP clients is by using their MAC addresses to associate with a specific ip address in dhcpd.conf.

    That doesn't stop someone from assigning themselves an ip address, of course. The trick then is how will iptables decide what is a valid (DHCP-assigned) ip address and what is not. I don't know of a native way in iptables to do this, but one way to do it would be using the LOG feature in iptables. You could write a rule that logs ip addresses to a file. Then write yourself a small script that tails that file, and when an ip address comes along, look it up in your dhcpd.conf file. If the ip address does not match up, run an iptables command to DROP/REJECT it.
    Reply With Quote Reply With Quote
  3. 09-01-2012 #3
    iryna7
    iryna7 is offline
    Just Joined!
    Join Date
    Sep 2012
    Posts
    2

    Smile Thank you

    Quote Originally Posted by atreyu View Post
    if you have a Linux machine functioning as a router on the network, you run a firewall (iptables) and could have it drop all packets originating from all ip addresses except those assigned via DHCP. One way to ensure that you only have "authorized" DHCP clients is by using their MAC addresses to associate with a specific ip address in dhcpd.conf.

    That doesn't stop someone from assigning themselves an ip address, of course. The trick then is how will iptables decide what is a valid (DHCP-assigned) ip address and what is not. I don't know of a native way in iptables to do this, but one way to do it would be using the LOG feature in iptables. You could write a rule that logs ip addresses to a file. Then write yourself a small script that tails that file, and when an ip address comes along, look it up in your dhcpd.conf file. If the ip address does not match up, run an iptables command to DROP/REJECT it.

    Thank you for your time on it.

    Best regards.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules