Mmmmkaaaay... no.
.............Intarweb
..................|
LAN <=|> Firewall <|=> WLAN Router <=> WLAN Clients
OK, we have totally different ideas about what security is: you just want to protect your LAN stuff; I also want to protect my wireless equipment.
* by MAC
MAC addresses are quite visible once WEP is cracked
* by fixed IP per MAC
IP addresses are equally visible
* Match chain => MAC ! fixed IP per Hostname => REJECT
Just hoping the intruder won't figure that out?
* If you're hardcore you can also make a finger match for the OS that HAS to run on that machine with that IP and exactly that MAC, or even funnier:
* Have a random high port open on your machines where you have an rsync daemon drop a keyfile every hour that has to be synchronized on the firewall (using rsync with private keys for each machine), and have a match condition on the exact file bytes
* I guess I could come up with about 200 more creative solutions how to fortify a network so literally no one without physical access can fsck with it, not even if they break the WAP/WEP/WPA/[...] encryption.
Really? With broken WEP, I can steal both your MAC address and IP address and start hijacking your TCP sessions. And your machine will be doing all the creative stuff to make sure both of us are online.