tech-net: Re: filter by MAC address?

Subject: Re: filter by MAC address?
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: mouss <usebsd@free.fr>
List: tech-net
Date: 12/10/2006 21:38:09

Steven M. Bellovin wrote:
> Is there any way to configure ipf or pf to reject packets based on the
> source MAC address? 

seems possible with pf:
    http://www.openbsd.org/faq/pf/tagging.html

>  Failing that, is there any way to get dhclient to
> do so?
>
>   

if you control the dhcp server, you could assign them IPs in a specific 
range and block this range.

I wonder if it's feasible to blackhole such machines by playing with arp?