I’ve been watching this thread for some time, this package does something very similar to that of a shell script/daemon I wrote. But my shell script/daemon takes it a step further; when it recognizes a new device on the network (not within a open DHCP range) is adds the IP/MAC address to available linux firewalls on the network. This is the default setup, I can change the sensitivity to be strict it would add the IP/MAC address of a newly discovered device in the open DHCP range to the firewalls. The script must have sudo access of course because iptables command requires it, it also must be able to login to other linux boxes without a SSH password.
Adding IP addresses on Linux firewalls is relatively simple but finding a way to do this on NethServer was challenging. Instead I opted to use MAC addresses. In order to do that I needed to create a custom template for shorewall where the BLACKLIST option changed to “NEW,UNVALID,UNTRACKED” so that I can dynamically add and remove the MAC’s.
The shell script/daemon consists of three files, a configuration file, daemon and shell commands itself. If anyone is interested in looking at the concept I can certainly upload it to github. It may take some time because I’d have to remove a number of personal settings.