Re: DHCP server – static only
I would agree that having a DHCP-based quasi-static IP setup beats manually configuring each node, but:
All a person would need to do to bypass this “security” measure, is to manually configure an IP address on his/her system.
Filtering by IP addresses only ever works if you’re filtering traffic on a network basis (allow/disallow entire networks), and you control the router and can prevent spoofing. It also kinda works for routable IP addresses, but the lack of egress filtering by most ISPs means IP addresses can be successfully blind-spoofed on many networks.