General Question

linuxgnuru's avatar

How do you prevent users from setting static IPs in linux?

Asked by linuxgnuru (207points) January 18th, 2011

I have a dhcp server that assigns IPs based on MAC addresses so I can control how many client computers are on the net; but this doesn’t stop people from setting their own IP. Is there a way to stop this? Maybe dynamically set firewall rules to block ips unless they’ve been assigned by the dhcpd? I haven’t a clue and google has failed me.

Observing members: 0 Composing members: 0

6 Answers

mrentropy's avatar

I’m no expert but if you’re using iptables can you specify a range of ip addresses to be blocked and only allow the ip addresses that you have in your dhcp pool?

Perhaps whichever firewall method you’re using has an option for that?

the100thmonkey's avatar

Can’t you set permissions for each user that would prevent them from making changes to the network card?

koanhead's avatar

Assuming your IP addresses are assigned from a fixed pool of MAC addresses (that is, computers don’t “come and go” from your network) then it’s trivial to use iptables to allow only those MAC addresses.
Otherwise I think your best bet might be to write a cron job that reads the state of dhcpd.leases and cats the appropriate entries into /etc/hosts.allow so that only machines with a current lease may connect.

Vincentt's avatar

Doesn’t PolicyKit allow you such fine-grained control? You could try installing a tool that allows you to edit its permissions (though I vaguely recall there not being a graphical tool for that with the newer versions yet). PolicyKit is only part of modern distributions anyway.

koanhead's avatar

What permissions do you mean to alter?

Vincentt's avatar

I have no idea, sorry.

Answer this question




to answer.

This question is in the General Section. Responses must be helpful and on-topic.

Your answer will be saved while you login or join.

Have a question? Ask Fluther!

What do you know more about?
Knowledge Networking @ Fluther