I am using Internet Sharing in OSX 10.4.8 to share my cable modem to
other Windows-based PC's wirelessly.  How can I prevent specified MAC
Addresses from connecting to my wireless network?


THE DETAILS:

This seems to be what I'm looking for, but nothing I do in NetInfo
Manager seems to work:
(http://developer.apple.com/documentation/Darwin/Reference/ManPages/man8/bootpd.8.html)

Here is a quote from a forum that is related to this subject:  

"I don't know if you've solved your problem already, but I think I
found a solution. IPFW won't do MAC address filtering, but bootpd, the
program that serves DHCP and doles out the IP addresses will. As
detailed in the bootpd man pages
(http://developer.apple.com/documentation/Darwin/Reference/ManPages/man8/bootpd.8.html),
you can insert allow and deny statements in the DHCP directory in
NetInfo Manager.

A statement with the property allow and the value the MAC address of
your wireless card should lock all other computers out of your
network. I can't seem to remember exactly where, but the man pages say
that the MAC address should be formatted in the usual style, but with
the most significant zeros eliminated, where 00 is 0 and 04 is 4."

Thank you very much for helping me out with this extremely aggravating problem.

---

Request for Question Clarification by aht-ga on 31 Oct 2006 00:08 PST

lithiump4-ga:

Please take a look at this MACOSXHints forum posting, and let me know
if it is what you are looking for:

http://www.macosxhints.com/article.php?story=20041005183041743

As for the last bit in the posting, about stripping the leading zeros
(if any), it means that a MAC address of, for example,
00:0E:12:FE:43:02 becomes 0:E:12:FE:43:2 (lost the leading zeros),
whereas A3:22:43:DE:5F:8E which has no leading zeros, remains
unchanged.

Does this help you? If so, please let me know so that I may post it as
the answer and earn your list price.

Regards,

aht-ga
Google Answers Researcher

---

Clarification of Question by lithiump4-ga on 01 Nov 2006 10:10 PST

That is what I have been doing, but it still doesn't filter anybody
out.  When I save the settings in NetInfo Manager and restart the
Internet Sharing, the settings that I changed in NetInfo Manager
revert back to the default.  Even if I don't restart Internet Sharing,
the settings never take effect.  Am I doing something wrong?  Is there
any way to prevent this from happening?

---

Request for Question Clarification by aht-ga on 01 Nov 2006 20:43 PST

lithiump4-ga:

When you create the new value in Netinfo Manager (that is, the 'allow'
property under the /config/dhcp structure) and select File>Save, does
the system prompt you to "Update this copy", and is that what you are
selecting? Then, are you rebooting the Mac in order to ensure that
bootpd is closed and restarted (as opposed to Internet sharing)?

aht-ga
Google Answers Researcher

---

Clarification of Question by lithiump4-ga on 04 Nov 2006 15:48 PST

Restarting fixed the problem!  THANKS A LOT!!!

lithiump4-ga:

I'm glad that restarting did the trick, and I hope I'm not being
presumptious in thinking that I'm able to post a summary of our
conversation above as the Answer in order to close the Question.

The ability to filter MAC addresses when sharing an Internet
connection through the built-in gateway capabilities of OS X, resides
within the the bootpd process. This is the process that provides DHCP
services as part of the gateway functions, so it is the logical place
for the filtering to take place; essentially, if the system doesn't
approve of the MAC address, it won't issue it an IP address and allow
it to connect to the network.

Configuring bootpd, is accomplished through the Netinfo Manager tool.
This tool allows you to create and alter configuration values for many
of the processes that make up OS X. When processes first start up,
they refer to the configuration values to know what they are supposed
to do. In this case, bootpd needs to be told to only allow certain
clients with specific MAC addresses to receive DHCP-assigned IP
addresses and other networking parameters.

The posting at:

http://www.macosxhints.com/article.php?story=20041005183041743

tells us what values need to be created/edited in Netinfo Manager in
order to accomplish this. The posting also tells us how the values
must be formatted; specifically, that we need to omit any leading
zeros in the hexadecimal numbers that make up a MAC address.

Once the values have been created/edited and saved, it is necessary to
shut down the bootpd process, and any other processes dependent on
bootpd, then to restart bootpd so that it uses the new values. The
easiest way to do this, is to simply reboot the computer.

I'm glad that this approach worked for you, and wish you pleasant
surfing and 'torrenting in the future!

Regards,

aht-ga
Google Answers Researcher

Thanks a lot!  Did a great job and provided a lot of  information to
help with the problem at hand.