[CentOS] Block internet access for some users on the LAN ?

Tue Sep 19 20:20:34 UTC 2017
m.roth at 5-cent.us <m.roth at 5-cent.us>

Kenneth Porter wrote:
> --On Tuesday, September 19, 2017 9:57 AM -0700 John R Pierce
> <pierce at hogranch.com> wrote:
>
>> all it takes is one kid, who then shares his 'trick' with other kids,
>> and blam.
>
> Hire that kid to be head of security. :D
>

Um, let's step back a bit here: this is clearly not a large organization.
And only one person can use one MAC address. Anyone beyond the one kid
would have to find others. And, the instant that someone on staff can't
get on, they report it, and you, the admin, either force an expiration of
the lease, or block that IP with a temporary, runtime iptables -A INPUT -s
192.160.10.whatever -J DROP, and they're dead meat.

And then, teachers get to announce that whoever spoofed it will fail the
quarter if they do it again, and the will turn off their device NOW.

See? Simple.

     mark