Re: MAC address and Firewall rules

To: debian-firewall@lists.debian.org
Subject: Re: MAC address and Firewall rules
From: Carl Drougge <carl.drougge@home.se>
Date: Fri, 14 Apr 2000 21:17:27 +0100
Message-id: <[🔎] yam8139.1388.135348984@ix>
In-reply-to: <[🔎] Pine.LNX.4.21.0004142013070.27676-100000@mailtrans.sote.hu>

Den 14-Apr-00 skrev Tamas TEVESZ:

>> Maybe you could play around with arp to "disable" the MAC
>> addresses you don't want to route?  I don't know how reliable or
>> secure it would be if you can, though.
> 
[ ifconfig(8) sets HW-addr]

Obviously it's only usefull in certain types of networks. For example if you
have a switch with hardwired HW-addrs. (There are such switches.)

Or if you only let through a few HW-addrs of machines that are always up,
this should be reasonably safe. (At least you'll be able to tell something
was done from the warnings on the machine whose HW-addr was stolen. Provided
you can lock HW/IP-pairs his TCP/IP-stack will probably be quite confused
from sharing its IP, perhaps enough to make it unusable.)

Reply to:

References:
- Re: MAC address and Firewall rules
  - From: Tamas TEVESZ <ice@extreme.hu>

Prev by Date: Re: MAC address and Firewall rules
Next by Date: ipchains X ipfw compatibility
Previous by thread: Re: MAC address and Firewall rules
Next by thread: [no subject]
Index(es):
- Date
- Thread