  1. #1
    Just Joined!
    Join Date
    Sep 2012
    Posts
    2

    deny static ip address on DHCP.


    Hi, is there any possible way to deny access from a static IP address client in a dhcp-isc running environment?

    thanks in advance.

  2. #2
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,307
    Quote: Originally Posted by iryna7
    Hi, is there any possible way to deny access from a static IP address client in a dhcp-isc running environment?

    thanks in advance.
    If you have a Linux machine functioning as a router on the network, you run a firewall (iptables) and could have it drop all packets originating from all IP addresses except those assigned via DHCP. One way to ensure that you only have "authorized" DHCP clients is by using their MAC addresses to associate with a specific IP address in dhcpd.conf.

    That doesn't stop someone from assigning themselves an IP address, of course. The trick then is how iptables will decide what is a valid (DHCP-assigned) IP address and what is not. I don't know of a native way in iptables to do this, but one way to do it would be using the LOG feature in iptables. You could write a rule that logs IP addresses to a file. Then write yourself a small script that tails that file, and when an IP address comes along, look it up in your dhcpd.conf file. If the IP address does not match up, run an iptables command to DROP/REJECT it.
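
The log-and-lookup approach from post #2, as an added example that is not code from the thread: it parses host reservations out of dhcpd.conf, reads iptables LOG lines, and builds a DROP rule for each source whose IP/MAC pair is not reserved. It goes one step beyond the post by also comparing the source MAC. The sample config, log lines, interface `eth1` and the `LANSRC: ` prefix are constructed, and it assumes every authorized client has a host reservation.

```python
import re

# Constructed sample dhcpd.conf: one host reservation per authorized client.
DHCPD_CONF = """
host laptop  { hardware ethernet 00:11:22:33:44:55; fixed-address 192.168.1.10; }
host printer {
  hardware ethernet AA:BB:CC:DD:EE:FF;  # MAC case varies in real configs
  fixed-address 192.168.1.11;
}
"""

# Constructed kernel log lines, as produced by a rule such as:
#   iptables -I FORWARD -i eth1 -j LOG --log-prefix "LANSRC: "
# LOG prints MAC= as destination MAC, source MAC, then EtherType.
LOG_LINES = """\
Sep 10 12:00:01 gw kernel: LANSRC: IN=eth1 OUT=eth0 MAC=02:00:00:00:00:01:00:11:22:33:44:55:08:00 SRC=192.168.1.10 DST=203.0.113.5 LEN=60
Sep 10 12:00:02 gw kernel: LANSRC: IN=eth1 OUT=eth0 MAC=02:00:00:00:00:01:de:ad:be:ef:00:01:08:00 SRC=192.168.1.77 DST=203.0.113.5 LEN=60
Sep 10 12:00:03 gw kernel: LANSRC: IN=eth1 OUT=eth0 MAC=02:00:00:00:00:01:de:ad:be:ef:00:02:08:00 SRC=192.168.1.11 DST=203.0.113.5 LEN=60
Sep 10 12:00:04 gw kernel: eth1: link up
""".splitlines()

LOG_RE = re.compile(r"MAC=((?:[0-9a-f]{2}:){13}[0-9a-f]{2}) SRC=(\d+(?:\.\d+){3})", re.I)

def load_reservations(conf_text):
    """Return {ip: mac} for each host block that has both statements."""
    conf_text = re.sub(r"#.*", "", conf_text)  # drop comments
    table = {}
    for body in re.findall(r"\bhost\s+\S+\s*\{([^}]*)\}", conf_text):
        mac = re.search(r"hardware\s+ethernet\s+([0-9a-f:]{17})\s*;", body, re.I)
        ip = re.search(r"fixed-address\s+(\d+(?:\.\d+){3})\s*;", body)
        if mac and ip:
            table[ip.group(1)] = mac.group(1).lower()
    return table

def unauthorized_sources(lines, table):
    """Return sorted (ip, mac) pairs whose IP/MAC pairing is not reserved."""
    bad = set()
    for line in lines:  # can also be fed from a tailed log file
        m = LOG_RE.search(line)
        if m:
            src_mac, ip = m.group(1)[18:35].lower(), m.group(2)
            if table.get(ip) != src_mac:
                bad.add((ip, src_mac))
    return sorted(bad)

def drop_commands(offenders):
    """Build (not run) one DROP rule per offender, pinned to IP and MAC."""
    return [f"iptables -I FORWARD -s {ip} -m mac --mac-source {mac} -j DROP"
            for ip, mac in offenders]

if __name__ == "__main__":
    for cmd in drop_commands(unauthorized_sources(LOG_LINES, load_reservations(DHCPD_CONF))):
        print(cmd)
```

Pinning each rule to both the IP and the MAC keeps a client that borrows a reserved address from getting the legitimate holder of that address blocked as well.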

  3. #3
    Just Joined!
    Join Date
    Sep 2012
    Posts
    2

    Thank you

    Quote: Originally Posted by atreyu
    If you have a Linux machine functioning as a router on the network, you run a firewall (iptables) and could have it drop all packets originating from all IP addresses except those assigned via DHCP. One way to ensure that you only have "authorized" DHCP clients is by using their MAC addresses to associate with a specific IP address in dhcpd.conf.

    That doesn't stop someone from assigning themselves an IP address, of course. The trick then is how iptables will decide what is a valid (DHCP-assigned) IP address and what is not. I don't know of a native way in iptables to do this, but one way to do it would be using the LOG feature in iptables. You could write a rule that logs IP addresses to a file. Then write yourself a small script that tails that file, and when an IP address comes along, look it up in your dhcpd.conf file. If the IP address does not match up, run an iptables command to DROP/REJECT it.

    Thank you for your time on it.

    Best regards.
