Thanks guys, will try to address all of your points.

1. The "users" are not my users. The HotSpot is not for company employees. It is for visitors/guests.

2. Initially, it is just for WiFi though I haven't ruled out wired clients.

3. The m0n0wall server is running a small version of linux in RAM from a CF card. There is little chance that there would be any server-side code.

4. There is no router between the client and the m0n0wall router/firewall.

5. If the computer has two NICs and they are both active, I would want to deny access.

6. If users roam to a different PC, they are to be denied access unless of course they have registered the other PC and received a password. In other words, I want access control per PC, not per user. If I simply put their MAC in the captive portal bypass list, they get access but no longer get the AUP/TOU that they need to consent to.


I suppose it doesn't have to be the MAC address, I just thought it was something easily had and unique. I was hoping is was as simple as the getting the IP like http://www.ipchicken.com/ .
That GUID looks interesting but I think it is server-side. Computername is a possibility. What I need to do is have safeguards to ensure company employees do not gain access to the internet via this wireless HotSpot. Again, this is for non-employees only.