How do you prevent users from setting static IPs in Linux?
I have a DHCP server that assigns IPs based on MAC addresses so I can control how many client computers are on the net; but this doesn’t stop people from setting their own IP. Is there a way to stop this? Maybe dynamically set firewall rules to block IPs unless they’ve been assigned by the dhcpd? I haven’t a clue and Google has failed me.
6 Answers
I’m no expert, but if you’re using iptables, can you specify a range of IP addresses to be blocked and only allow the IP addresses that you have in your DHCP pool?
Perhaps whichever firewall method you’re using has an option for that?
Can’t you set permissions for each user that would prevent them from making changes to the network card?
Assuming your IP addresses are assigned from a fixed pool of MAC addresses (that is, computers don’t “come and go” from your network) then it’s trivial to use iptables to allow only those MAC addresses.
Otherwise I think your best bet might be to write a cron job that reads the state of dhcpd.leases and cats the appropriate entries into /etc/hosts.allow so that only machines with a current lease may connect.
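An added example, not part of the original answers: a script a cron job could run to turn the current state of dhcpd.leases into an allow-list, here emitted as iptables IP+MAC rules rather than /etc/hosts.allow entries. It assumes ISC dhcpd lease syntax with UTC timestamps; the chain name `DHCP_ONLY` is hypothetical and is assumed to exist already and be jumped to from INPUT or FORWARD.

```python
import re
from datetime import datetime, timezone

LEASE_RE = re.compile(r"lease\s+(\d{1,3}(?:\.\d{1,3}){3})\s*\{(.*?)\}", re.S)
STATE_RE = re.compile(r"(?:^|;)\s*binding state\s+(\w+)\s*;")  # skips "next binding state"
ENDS_RE = re.compile(r"(?:^|;)\s*ends\s+(never|\d\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d))\s*;")
MAC_RE = re.compile(r"hardware ethernet\s+((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\s*;")

# Constructed sample in dhcpd.leases syntax; the file is an append-only log.
SAMPLE = """
lease 192.168.1.10 {
  ends 4 2024/01/04 22:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.1.11 {
  ends 4 2024/01/04 22:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:66;
}
lease 192.168.1.11 {
  ends 4 2024/01/04 11:00:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:66;
}
"""

def active_leases(text, now):
    """Return {ip: mac} for leases that are active and unexpired at `now`."""
    current = {}
    for ip, body in LEASE_RE.findall(text):
        state, mac, ends = (r.search(body) for r in (STATE_RE, MAC_RE, ENDS_RE))
        live = bool(state and mac and ends) and state.group(1) == "active"
        if live and ends.group(1) != "never":
            expiry = datetime.strptime(ends.group(2), "%Y/%m/%d %H:%M:%S")
            live = expiry.replace(tzinfo=timezone.utc) > now
        current.pop(ip, None)  # a later entry for the same IP supersedes earlier ones
        if live:
            current[ip] = mac.group(1).lower()
    return current

def render_rules(leases, chain="DHCP_ONLY"):  # hypothetical chain name
    """Only regex-validated IPs and MACs reach the generated command lines."""
    allow = [f"iptables -A {chain} -s {ip} -m mac --mac-source {mac} -j RETURN"
             for ip, mac in sorted(leases.items())]
    return [f"iptables -F {chain}", *allow, f"iptables -A {chain} -j DROP"]

if __name__ == "__main__":
    now = datetime(2024, 1, 4, 12, 0, tzinfo=timezone.utc)  # constructed clock
    print("\n".join(render_rules(active_leases(SAMPLE, now))))
```

Rules like these only filter traffic that passes through the host running them.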
Doesn’t PolicyKit allow you such fine-grained control? You could try installing a tool that allows you to edit its permissions (though I vaguely recall there not being a graphical tool for that with the newer versions yet). PolicyKit is only part of modern distributions anyway.
@Vincentt
What permissions do you mean to alter?