I have set up eth-lan with arp=reply-only, set up DHCP with pool: static only, and made some static ARP entries.
From this point on, no one can get DHCP, so they can't get any kind of network access by just plugging in a cable.
But if someone sets a static IP on their own laptop, they won't have access to the internet, but they can have access to other computers/servers in the same broadcast network (/24).
So I want to have some monitoring/script to see:
a) if someone unknown is asking for DHCP
/ip firewall filter add action=log chain=input comment="DHCP block" dst-address=255.255.255.255 dst-port=67 in-interface=ether1-i-lan log-prefix=askdhcp_ protocol=udp src-port=68
I was thinking about adding to an address list, but there are IP addresses there, not MACs.
b) if someone has set up a static IP
Here I figured out that I could add the address-list parameter for all static DHCP leases:
/ip dhcp-server lease
add address=192.168.1.20 address-list=computers mac-address=XX:XX:XX:XX:XX:XX server=dhcp-int
/ip firewall filter
add chain=forward in-interface=ether1-i-lan src-address-list=computers
add action=log chain=forward comment=INL-block in-interface=ether1-i-lan log-prefix=T_
add action=drop chain=forward comment=INL-block in-interface=ether1-i-lan
Ideally it would be great to receive an email with the computer's MAC address. The problem is to filter only one entry, not to have 100 emails in a minute (because the log fills up pretty quickly).
Could anyone give some ideas?
I can't find an option for running some script in a rule's action, so there probably is none!?
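One way to get the "one email per unknown MAC, not one per packet" behaviour described in the post is to ship the router log to a collector (remote syslog) and dedupe there; the following is an added example, not from the post or from MikroTik, that parses the firewall log lines produced by the askdhcp_ and T_ rules above, extracts src-mac, skips MACs in the known list, and emits at most one alert per MAC and prefix per time window. The timestamp format, the sample log lines and the known-MAC set are constructed for the example; actually sending the email (via /tool e-mail on the router or a mailer on the collector) is left to the caller.

```python
import re
from datetime import datetime

# Matches a RouterOS firewall "action=log" line as it would arrive via remote syslog.
# The prefix group is the rule's log-prefix (askdhcp_ / T_ in the post); the MAC comes
# from the "src-mac" field that firewall logging includes. Timestamp format is assumed.
LOG_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) firewall,info "
    r"(?P<prefix>\S+) (?P<chain>input|forward): in:(?P<iface>\S+) .*?"
    r"src-mac (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}),"
)

def parse_line(line):
    """Return a dict with ts/prefix/chain/iface/mac, or None for non-firewall lines."""
    m = LOG_RE.search(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
    ev["mac"] = ev["mac"].lower()
    return ev

def alerts(lines, known_macs, window_seconds=3600):
    """One alert per (mac, prefix) per window: a chatty host that retries DHCP every
    few seconds, or a static-IP host sending many packets, yields a single entry."""
    last_sent = {}
    out = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["mac"] in known_macs:
            continue
        key = (ev["mac"], ev["prefix"])
        prev = last_sent.get(key)
        if prev is not None and (ev["ts"] - prev).total_seconds() < window_seconds:
            continue  # still inside the suppression window for this MAC/rule
        last_sent[key] = ev["ts"]
        out.append({"mac": ev["mac"], "prefix": ev["prefix"], "iface": ev["iface"], "ts": ev["ts"]})
    return out

# Constructed sample data: one known MAC, two unknown hosts, one unrelated log line.
KNOWN_MACS = {"aa:bb:cc:00:00:01"}
SAMPLE_LOG = [
    "2024-01-15 10:00:01 firewall,info askdhcp_ input: in:ether1-i-lan out:(unknown 0), src-mac de:ad:be:ef:00:01, proto UDP, 0.0.0.0:68->255.255.255.255:67, len 328",
    "2024-01-15 10:00:05 firewall,info askdhcp_ input: in:ether1-i-lan out:(unknown 0), src-mac de:ad:be:ef:00:01, proto UDP, 0.0.0.0:68->255.255.255.255:67, len 328",
    "2024-01-15 10:00:07 firewall,info askdhcp_ input: in:ether1-i-lan out:(unknown 0), src-mac AA:BB:CC:00:00:01, proto UDP, 0.0.0.0:68->255.255.255.255:67, len 328",
    "2024-01-15 10:02:00 firewall,info T_ forward: in:ether1-i-lan out:ether2, src-mac de:ad:be:ef:00:02, proto TCP (SYN), 192.168.1.77:51234->203.0.113.10:443, len 60",
    "2024-01-15 10:03:00 system,info dhcp,info dhcp-int assigned 192.168.1.20 to AA:BB:CC:00:00:01",
    "2024-01-15 11:30:00 firewall,info askdhcp_ input: in:ether1-i-lan out:(unknown 0), src-mac de:ad:be:ef:00:01, proto UDP, 0.0.0.0:68->255.255.255.255:67, len 328",
]

if __name__ == "__main__":
    for a in alerts(SAMPLE_LOG, KNOWN_MACS):
        print(f"{a['ts']} {a['prefix']} unknown MAC {a['mac']} on {a['iface']}")
```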