tech-net archive
Re: MVP for a DHCP server
---- On Tue, 15 Jul 2025 23:32:09 +0100 Greg Troxel <gdt%lexort.com@localhost> wrote ---
> Roy Marples <roy%marples.name@localhost> writes:
>
> > I have a ton of devices I have zero control over, can't be customised and yet I only have one box, my main router, with a fixed IP.
> > The IPs of my other devices change from time to time, but it's not really important as every box I need to manually connect to can be reached by mDNS or DDNS.
>
> How do you coordinate different per-device firewall rules with npf?
I don't.
Knowing that I don't control some devices it would be foolish to assume I can control the IP address the device wants or even uses.
For example, a bad actor could negotiate 192.168.1.77/24 via DHCP but also configure a random address on the subnet that no-one is using (hello ARPing) or sniff the traffic and use well-known IPs.
Putting it another way - an IP address is not a secret - it's a vital part of networking. You never own it, other devices can spoof it.
If you want this layer of security then each switch needs to have a hardware/port -> IP mapping to enforce it, which is outside the scope of DHCP.
Roy
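
The hardware/port -> IP mapping described in the message above, as an added example that is not part of the original post: a small model of a switch-side binding table that checks each frame's source address against what DHCP actually handed out. The port names, MAC addresses, lease table and function names are constructed for illustration.

```python
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    port: str   # switch port the device is attached to (hypothetical names)
    mac: str    # hardware address
    ip: str     # IPv4 address (leased, or seen as a frame's source)

def build_bindings(leases):
    """Index DHCP-learned (mac, ip) pairs by the switch port they were seen on."""
    table = {}
    for lease in leases:
        table.setdefault(lease.port, set()).add((lease.mac.lower(), lease.ip))
    return table

def check_frame(table, frame) -> Optional[str]:
    """Return None if the frame matches a binding, else the reason it is refused."""
    allowed = table.get(frame.port, set())
    if (frame.mac.lower(), frame.ip) in allowed:
        return None
    if any(ip == frame.ip for _, ip in allowed):
        return "mac-mismatch"        # leased IP on this port, different hardware address
    for port, pairs in table.items():
        if port != frame.port and any(ip == frame.ip for _, ip in pairs):
            return "spoofed-lease"   # IP is leased to a device on another port
    return "unleased-address"        # self-configured address DHCP never handed out

def audit(leases, frames):
    """Return (frame, reason) for every frame the binding table would drop."""
    table = build_bindings(leases)
    return [(f, r) for f in frames if (r := check_frame(table, f)) is not None]

# Constructed sample data: two leases and four observed source addresses.
LEASES = [
    Entry("port1", "00:00:5e:00:53:01", "192.168.1.77"),
    Entry("port2", "00:00:5e:00:53:02", "192.168.1.10"),
]
FRAMES = [
    Entry("port1", "00:00:5e:00:53:01", "192.168.1.77"),   # matches its lease
    Entry("port1", "00:00:5e:00:53:01", "192.168.1.200"),  # extra unused address
    Entry("port1", "00:00:5e:00:53:01", "192.168.1.10"),   # another device's IP
    Entry("port2", "00:00:5e:00:53:99", "192.168.1.10"),   # right IP, wrong MAC
]

if __name__ == "__main__":
    for frame, reason in audit(LEASES, FRAMES):
        print(f"drop {frame.port} {frame.mac} {frame.ip}: {reason}")
```

The DHCP server only supplies the lease list; the decision to drop a frame is made per port, which is why the enforcement has to live in the switch.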