MAC address deny in udhcpd
Tom Isaacson
Tom.Isaacson at navico.com
Tue May 29 11:12:33 UTC 2012
>-----Original Message-----
>From: Denys Vlasenko [mailto:vda.linux at googlemail.com]
>Sent: Thursday, 24 May 2012 6:27 p.m.
>To: Tom Isaacson
>Cc: busybox at busybox.net
>Subject: Re: MAC address deny in udhcpd
>
>On Mon, May 14, 2012 at 2:08 AM, Tom Isaacson <Tom.Isaacson at navico.com> wrote:
>> In the example udhcpd.conf it shows how to declare a static IP address
>> for a specific MAC address:
>>
>> | # Static leases map
>> static_lease 00:60:08:11:CE:4E 192.168.0.54
>> |
>>
>> You can also use a MAC address range by using the wildcard:
>>
>> | static_lease 00:21:5a:e7:xx:xx 10.10.1.254
>
>No, you can't:
>udhcpd: can't parse line 57 in udhcpd.conf
Sorry, I thought that was what this post meant:
http://www.readynas.com/forum/viewtopic.php?f=66&t=41419
but looking at the code I can see you're right.
>> But it doesn't seem possible to deny an IP address to a MAC address or range, which is possible in dhcpd.conf. I was thinking this could be done in the same way static leases are done:
>> || static_lease 00:21:5a:e7:xx:xx 0.0.0.0|
>> Alternatively we could add a new command:
>> deny|00:21:5a:e7:xx:xx|
>>
>> What are your thoughts?
>
>You can block incoming packets by MAC using iptables.
>This way, all traffic can be ignored, not only DHCP one.
I don't want to ignore all traffic! I'm trying to support a legacy device which fails when it's given a DHCP address (old bug, not my fault), but I still want it to communicate. Since all the devices have the same manufacturer MAC address it would be simple just to block a range of MAC addresses from receiving DHCP.
More information about the busybox
mailing list