bsnottum@xxxxxxxxxx wrote:
> Hello!
>
> I am running fedora core 2 server with dhcp-3.0.1rc14-1.
>
> I would like to restrict Internet access only to those users that are given
> an ip-address from my dhcp server. The dhcp server only gives out
> addresses to NICs already defined in dhcpd.conf.
>
> Has anyone had any experience with this? All kinds of help would be
> appreciated.
>
> Thanks!
>
> Bjorn
>

Have you considered running a proxy server and requiring everyone to
connect to the Internet through it? If you just open the firewall to IP
addresses assigned by the DHCP server, someone can still use the IP
address of a lease that has not expired, but is not being used.

If you do not like the proxy approach, you can set up iptables firewall
rules using the MAC address. (--mac-source) But you need to be aware
that MAC addresses can be faked. One advantage of having the firewall
reject connections on the local network that do not have an approved MAC
address is that they will not be able to talk to the DHCP server. You
could probably write a script that would grab the MAC addresses from the
DHCP config file, and generate the firewall rules.

If your FC2 box is not your firewall between the local network and the
Internet, then this is not going to work. What you can do depends on
your firewall/router...

Mikkel
-- 
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
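A sketch of the script suggested in the reply above, added here as an example and not part of the original thread: it reads host declarations from dhcpd.conf text and prints iptables rules that use --mac-source, pinning the source IP as well when a host has a literal fixed-address. The chain name DHCP_MAC and the sample configuration are assumptions constructed for the example.

```python
import ipaddress
import re

# Constructed sample dhcpd.conf, not taken from the original post.
SAMPLE_CONF = """
subnet 192.168.1.0 netmask 255.255.255.0 { option routers 192.168.1.1; }
host alpha {
  hardware ethernet 00:0C:29:AA:BB:01;   # trailing comment
  fixed-address 192.168.1.10;
}
host beta { hardware ethernet 0:c:29:aa:bb:2; }
# host retired { hardware ethernet 00:0c:29:aa:bb:03; }
host broken { hardware ethernet 00:0c:29:zz:bb:04; }
"""

HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{([^{}]*)\}")
MAC_RE = re.compile(r"\bhardware\s+ethernet\s+([^\s;]+)\s*;")
IP_RE = re.compile(r"\bfixed-address\s+([^\s;,]+)\s*;")

def normalize_mac(raw):
    """Return aa:bb:cc:dd:ee:ff form, or None if raw is not a valid MAC."""
    parts = raw.lower().split(":")
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9a-f]{1,2}", p) for p in parts):
        return None
    return ":".join(p.zfill(2) for p in parts)

def parse_hosts(conf_text):
    """Return [(name, mac, ip_or_None)] for host blocks with a valid MAC."""
    text = re.sub(r"#.*", "", conf_text)  # drop comments, incl. disabled hosts
    hosts = []
    for name, body in HOST_RE.findall(text):
        mac_m, ip_m = MAC_RE.search(body), IP_RE.search(body)
        mac = normalize_mac(mac_m.group(1)) if mac_m else None
        if mac is None:
            continue  # never emit an unvalidated value into a shell command
        try:
            ip = str(ipaddress.IPv4Address(ip_m.group(1))) if ip_m else None
        except ValueError:
            ip = None  # fixed-address given as a hostname: match on MAC only
        hosts.append((name, mac, ip))
    return hosts

def build_rules(hosts, chain="DHCP_MAC"):
    """Emit iptables commands; `chain` is a hypothetical user chain name."""
    rules = [f"iptables -N {chain} 2>/dev/null || iptables -F {chain}"]
    for _name, mac, ip in hosts:
        src = f"-s {ip} " if ip else ""
        rules.append(f"iptables -A {chain} {src}-m mac --mac-source {mac} -j RETURN")
    rules.append(f"iptables -A {chain} -j DROP")  # everything else stops here
    return rules

if __name__ == "__main__":
    print("\n".join(build_rules(parse_hosts(SAMPLE_CONF))))
```

The chain has to be hooked once from FORWARD on the LAN-side interface (for example `iptables -I FORWARD -i eth1 -j DHCP_MAC`, with eth1 assumed), and approved hosts RETURN so the rest of the FORWARD policy still applies to them. The mac match is only valid for packets traversing PREROUTING, INPUT or FORWARD.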