Static ARP - stop users manually claiming IP

  • Hey,

    is there a way to stop users manually claiming a IP adress?
    So only when MAC address and IP address fit the entry in the list, they will be able to communicate with the firewall on this NIC.

    Static ARP is enabled. But when the MAC adress is in the list, the User can change IP Adress manually and can still communicate with the firewall on this NIC.

    I use pfSense 1.2.3

    Thanks for your help.

  • Hmm, what about non-IP traffic then?

    Don't think this is possible using JUST pfSense.

    Quick thought: You could look at putting each user in a VLAN and only letting traffic through from that IP, but I think that would be a pain to setup and maintain, plus it would break a lot of things, probably.

  • Rebel Alliance Developer Netgate

    FYI- Static ARP is broken on 1.2.3. It does not get applied at boot time.