Page 2 of 5
Re: quota and mac addresses
Posted: Sun Nov 29, 2015 5:23 am
by jooocker
Yes,, Just try connect from outsider MAC and static ip 192.168.1.11 witch have quota.
Blocking not working because of quota give allowance to MAC.
I think the ideal solution it by set option "block all clients not assigned from to gargoyle DHCP server"
try it, and tell me if i am wrong.
Thanks
Re: quota and mac addresses
Posted: Wed Jan 13, 2016 12:26 pm
by Tareq
Need to block all static MACs except the MACs in the assigned list.
Re: quota and mac addresses
Posted: Wed Jan 20, 2016 5:07 pm
by nworbnhoj
As discussed, Gargoyle already has an option to
"Block MAC addresses assigned a static IP that connect from a different IP".
jooocker wrote:"block all clients not assigned from to gargoyle DHCP server"
This is easy enough to develop, but the DHCP server will hand out an IP address to anybody who asks for one!
Tareq wrote:block all static MACs except the MACs in the assigned list
Once Known Devices is (hopefully) incorporated into Gargoyle you will be able to create a list of all Known Devices identified by their MAC address.
http://www.gargoyle-router.com/phpbb/vi ... =10#p33962
Then it will be relatively easy to develop "Block unknown devices"
I think probably this all should boil down to just two tick boxes:
Enforce dhcp assignments (static or dynamic) &
Block unknown devices
Remember though, that the mischievous will figure out how to spoof MAC addresses.
When I was at uni we had a wonderful system admin who erected only rudimentary security barriers and took the attitude that enquiring young minds who surmounted them were his best students (and gave them holiday jobs). We had a wow of a time
Re: quota and mac addresses
Posted: Wed Jan 20, 2016 5:46 pm
by Tareq
Great,
Enforce dhcp assignments
Mean , block any ip static that don't assigned from dhcp dynamic. Right?
Re: quota and mac addresses
Posted: Wed Jan 20, 2016 6:37 pm
by nworbnhoj
Gargoyle uses dnsmasq to provide dhcp services.
dnsmasq can be configured to provide a static IP address to some MACs and dynamic IP addresses to others. These assignments are recorded in /tmp/dhcp.leases
By "Enforce dhcp assignments" I mean if a MAC address turns up using an IP address different to the pairing recorded by dnsmasq in /tmp/dhcp.leases, then tell them to buzz off.
By "Block unknown devices" I mean that if the MAC address is not included in the list Known Devices specified by the Gargoyle admin, then tell them to buzz off.
Re: quota and mac addresses
Posted: Wed Jan 20, 2016 11:49 pm
by Tareq
Yes, i understand, that would be useful .
Re: quota and mac addresses
Posted: Fri Jan 22, 2016 1:56 am
by nworbnhoj
nworbnhoj wrote:By "Enforce dhcp assignments" I mean if a MAC address turns up using an IP address different to the pairing recorded by dnsmasq in /tmp/dhcp.leases, then tell them to buzz off.
This bit has been done and will be in the next release
Re: quota and mac addresses
Posted: Fri Jan 22, 2016 2:39 pm
by Tareq
nworbnhoj wrote:
This bit has been done and will be in the next release
Maybe next release will be late, so can you give me the code of files which i will edit to get this feature.
Forget it, If this take a lot of your time.
Re: quota and mac addresses
Posted: Fri Jan 22, 2016 3:30 pm
by nworbnhoj
Tareq wrote:Maybe next release will be late, so can you give me the code of files which i will edit to get this feature.
You can find the 3 files here
https://github.com/ericpaulbishop/gargo ... /440/files
Re: quota and mac addresses
Posted: Fri Jan 22, 2016 5:43 pm
by Tareq
Thank you, i will try it.