How do I MAC filter with DHCP server
You can do this by specifying only a static range
dhcp-range=192.168.0.0,static
EDIT: Change the address range above to meet your requirements.
With no dynamic ranges specified, dnsmasq will only provide addresses to hosts that have a corresponding dhcp-host configuration.
# Specify a subnet which can't be used for dynamic address allocation,
# is available for hosts with matching --dhcp-host lines. Note that
# dhcp-host declarations will be ignored unless there is a dhcp-range
# of some type for the subnet in question.
# In this case the netmask is implied (it comes from the network
# configuration on the machine running dnsmasq) it is possible to give
# an explicit netmask instead.
#dhcp-range=192.168.0.0,static
Alternatively to @Chopper3's solution, you can add iptables rules like these:
# Create the DHCP_clients chain in the 'raw' table
iptables -t raw -N DHCP_clients
# Incoming DHCP, pass to chain processing DHCP
iptables -t raw -A PREROUTING -p udp --dport 67 -j DHCP_clients
# Allowed DHCP clients
iptables -t raw -A DHCP_clients -m mac --mac-source 00:11:22:33:44:55 -j ACCEPT
iptables -t raw -A DHCP_clients -m mac --mac-source 00:11:22:33:44:56 -j ACCEPT
iptables -t raw -A DHCP_clients -m mac --mac-source 00:11:22:33:44:57 -j ACCEPT
# Deny other clients not listed above
iptables -t raw -A DHCP_clients -j DROP
Edit: If you need to add additional 'known'/allowed clients, just do the following for each additional client:
# We insert a rule at the head of the chain using the '-I' command
iptables -t raw -I DHCP_clients -m mac --mac-source $CLIENT_MAC -j ACCEPT
(Note: it's using -I (insert) instead of -A (append), so the new rule will be the first rule to be checked. If we don't insert, appended rules will be overridden by the rule with -j DROP.)
# Ignore any clients which are not specified in dhcp-host lines
# or /etc/ethers. Equivalent to ISC "deny unknown-clients".
# This relies on the special "known" tag which is set when
# a host is matched.
#dhcp-ignore=tag:!known
If you only want specific MACs to get DHCP addresses, just create your list of reservations as you have, then set the range to cover only those IP addresses. That way it won't have any more addresses to hand out.
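A way to check that a dnsmasq configuration really limits leases to known hosts, using the two dnsmasq mechanisms from the answers above (static-only dhcp-range, or dhcp-ignore=tag:!known). This is an added example, not code from any of the answers or from dnsmasq itself. The sample config and the function names are constructed for illustration, and the check makes simplifying assumptions: IPv4 ranges only, plain colon-separated MACs, no inline comments, and no reading of /etc/ethers or separate hosts files.

```python
import re

# Plain aa:bb:cc:dd:ee:ff form only (assumption: no wildcard or id: entries).
MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)

# Constructed sample config for the example, not taken from the page.
SAMPLE_CONF = """\
# constructed example
dhcp-range=192.168.0.0,static
dhcp-range=10.0.0.50,10.0.0.150,12h
dhcp-host=00:11:22:33:44:55,192.168.0.10
dhcp-host=00:11:22:33:44:56,printer,192.168.0.11
#dhcp-ignore=tag:!known
"""


def audit(conf_text):
    """Return (known_macs, open_ranges, ignores_unknown) for a dnsmasq config."""
    known, open_ranges, ignores_unknown = [], [], False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue  # comment line, blank line, or an option without a value
        key, value = (part.strip() for part in line.split("=", 1))
        fields = [f.strip() for f in value.split(",")]
        if key == "dhcp-host":
            # Collect every field that looks like a hardware address.
            known += [f.lower() for f in fields if MAC_RE.match(f)]
        elif key == "dhcp-range" and "static" not in fields:
            # A range without the 'static' mode hands out dynamic leases.
            open_ranges.append(value)
        elif key == "dhcp-ignore" and "tag:!known" in fields:
            ignores_unknown = True
    return known, open_ranges, ignores_unknown


def unknown_clients_get_leases(conf_text):
    """True if a host without a dhcp-host entry could still be given an address."""
    _, open_ranges, ignores_unknown = audit(conf_text)
    return bool(open_ranges) and not ignores_unknown


if __name__ == "__main__":
    macs, ranges, ignoring = audit(SAMPLE_CONF)
    print("known MACs:", macs)
    print("dynamic ranges:", ranges)
    print("dhcp-ignore=tag:!known active:", ignoring)
    print("unknown clients can get leases:", unknown_clients_get_leases(SAMPLE_CONF))
```

On the sample, the second dhcp-range is dynamic and the dhcp-ignore line is still commented out, so the check reports that unknown clients can get a lease.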