Subject: Re: filter by MAC address?
To: None <>
From: Steven M. Bellovin <>
List: tech-net
Date: 12/10/2006 15:38:41

On Sun, 10 Dec 2006 21:38:09 +0100
mouss <> wrote:

> Steven M. Bellovin wrote:
> > Is there any way to configure ipf or pf to reject packets based on
> > the source MAC address?
>
> seems possible with pf:
>
> > Failing that, is there any way to get dhclient to
> > do so?
>
> if you control the dhcp server, you could assign them IPs in a
> specific range and block this range.
> I wonder if it's feasible to blackhole such machines by playing with
> arp?

The specific issue is trying to block a rogue dhcp server, and in
particular one for a 1918 address range.  It's easy enough to add


to dhclient.conf, but you wander to the next NATted network and you'll
block the legitimate server that way.

		--Steve Bellovin,