Using IPFilter and OpenBSD bridging to authenticate and track users via MAC instead of IP

Post by Wyness Casam » Fri, 06 Oct 2000 04:00:00



Hi all,

Here's something I've been thinking about for the last couple of days...

1) Is it possible to use IPFilter _alone_ to track and authenticate users by
tracing and logging their MAC addresses instead of the IP?

2) I had read somewhere that OBSD's bridging abilities also include the
ability to set rules based on MAC.  Is it possible that the MAC rules could
be set and reset dynamically?

For instance: User 'X' w/ MAC 00-32-ef-a3-b1-10 (made up MAC...  if that's
your MAC - woah... what were the odds!?) tries to pass through the firewall,
but bumps into the bridge...  bridge says 'no... I don't know you' and
forwards the user to an authentication server...  after authentication, the
auth server sends a new rule for that user's MAC telling the bridge to let
the user through.

Pipe dream?  Possibility? (how??)

Thanks!
    -- Wyness