[Server-devel] Filtering and authentication
John Watlington
wad at laptop.org
Mon Apr 27 11:43:18 EDT 2009
On Apr 27, 2009, at 11:18 AM, Reuben K. Caron wrote:
> Anna wrote:
>> On Sun, Apr 26, 2009 at 10:51 AM, Reuben K. Caron
>> <reuben at laptop.org> wrote:
>>
>> As far as limiting the internet connection to authorized XOs,
>> that's an
>> issue we're probably going to run into at some point once we
>> broaden the XS
>> deployment. So far at the pilot school, the staff members connect
>> to the
>> internet with their personal laptops and iPhones, but I haven't
>> really heard
>> any complaints of abuse yet.
>>
>> If your deployment is relatively small, it should be easy enough
>> to add the
>> hardware addresses of the trusted XOs to dhcpd.conf and disallow
>> unknown
>> machines (or play pranks on them as suggested at
>> http://www.ex-parrot.com/~pete/upside-down-ternet.html).
>>
>> Anna Schoolfield
>> Birmingham
>
> While not all encompassing you could also attempt to drop dhcp
> requests
> that do not come from 00:17:c4 using something similar to:
>
> http://ubuntuforums.org/showthread.php?p=4191756
Please do not take this approach. It sounds quick, easy, and
foolproof,
but will lead to problems in the future. (I almost suggested it,
but decided
the cons outweighted the pros.)
For example, what if you get an XO-1.5 in the mix ? It won't work,
and will
be difficult to debug. You also disallow other laptops (teachers,
etc.) from
being in the network...
wad
More information about the Server-devel
mailing list