Access Control
Glenn Satchell
Glenn.Satchell at uniq.com.au
Wed Nov 18 15:01:53 UTC 2009
>From: donovan jeffrey j <donovan at beth.k12.pa.us>
>To: Users of ISC DHCP <dhcp-users at lists.isc.org>
>Subject: Access Control
>Date: Wed, 18 Nov 2009 09:00:19 -0500
>X-BeenThere: dhcp-users at lists.isc.org
>
>Greetings
>
>how do I setup access control in dhcpd? I have a MAC address that I
>want to deny lease to. I'm not sure how to specify the deny statement.
>
># mysubnet
>subnet 10.1.1.0 netmask 255.255.255.0 {
>range 10.1.1.10 10.1.1.100;
>option routers 10.1.1.1
>option domain-name " foo.bar";
>option domain-name-server "10.1.1.2";
>}
>
>somewhere in here I need to Deny lease to 00:00:00:12:34:5f
>
>any insight would be helpful
>-j
host "bad_host" {
hardware ethernet 00:00:00:12:34:5f;
ignore booting;
}
You can use "deny booting" and dhcpd will log a message each time.
Remember though, that the user could bypass dhcp and manually configure
a valid IP address and get full access. dhcp is not a security
protocol.
regards,
-glenn
More information about the dhcp-users
mailing list