You fail to understand. Drop traffic from any MAC/IP pair that isn't "registered" with you, thus in your traffic shaper configuration. Keeping track of MAC addresses and where they're supposed to be on your network in a campus environment is pretty standard. I work on a University campus and must notify the IT department anytime I want to add a host or move network cards around. If I do not, they will grumble and/or disable the ethernet ports that unknown MAC addresses appear on. In some areas (e.g. student labs) they do that automatically so kids can't just bring their laptop in and hop on napster at 100Mbit.
- jsw

-----Original Message-----
From: Gerard MacNeil [mailto:[EMAIL PROTECTED]
Sent: Monday, July 02, 2001 5:39 AM
To: debian-isp@lists.debian.org
Subject: Re: users bypassing shaper limitation

On Sun, 1 Jul 2001 15:59:34 -0400, "Jeff S Wheeler" <[EMAIL PROTECTED]> wrote:

> I have been reading this thread and noticed no one has suggested the MAC
> address filtering capabilities in Linux 2.4's new ip tables subsystem.

There is no requirement to run 2.4.x and iptables, nor iproute2, to accomplish the policy implementation that was specified. The administrative policy is bandwidth control over a defined set of IP addresses. That policy is being circumvented with the current configuration by the whizkids. It is up to the tech to implement a solution.

Besides, I'm sure I have a MAC address changer utility (or is that a feature of iproute2) that I downloaded sometime in the past. The same whizkids would use it and circumvent the policy based on MAC addresses with it ... although it would be a trickier thing to accomplish. I think I have read on some mailing list that it is quite a security issue with PPPoE and some wireless connections.

Gerard MacNeil
System Administrator
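
The MAC/IP registration approach discussed in this thread, as an added example that is not from either poster: a shell function that turns a registry of MAC/IP pairs into iptables rules using the Linux 2.4 `mac` match, so forwarded traffic from any unregistered pair is dropped. The chain name, interface and registry entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: generate iptables rules from a registry of MAC/IP pairs.
CHAIN="REGISTERED"   # hypothetical chain name
LAN_IF="eth1"        # hypothetical client-facing interface on the shaper

valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Reads "MAC IP" lines on stdin, prints the iptables commands on stdout.
gen_rules() {
    echo "iptables -N $CHAIN"
    while read -r mac ip _rest; do
        case "$mac" in ''|\#*) continue ;; esac   # skip blanks and comments
        if valid_mac "$mac" && valid_ip "$ip"; then
            # A registered pair returns to FORWARD and on to the shaper rules.
            echo "iptables -A $CHAIN -s $ip -m mac --mac-source $mac -j RETURN"
        else
            echo "skipping malformed entry: $mac $ip" >&2
        fi
    done
    # Anything that matched no registered pair is dropped.
    echo "iptables -A $CHAIN -j DROP"
    # Hook the chain in last, once it is fully populated.
    echo "iptables -I FORWARD -i $LAN_IF -j $CHAIN"
}

# Constructed sample registry (documentation address ranges).
sample_registry() {
    cat <<'EOF'
# MAC               IP
00:00:5E:00:53:01   192.0.2.10
00:00:5E:00:53:02   192.0.2.11
zz:00:5E:00:53:03   192.0.2.12
EOF
}

sample_registry | gen_rules
```

The script only prints the commands, so they can be reviewed before being run as root on the shaper. As noted in the thread, a client can change its MAC address, so these rules bind an IP to a MAC but do not authenticate the host.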