Re: MAC address and Firewall rules
Den 14-Apr-00 skrev Tamas TEVESZ:
>> Maybe you could play around with arp to "disable" the MAC
>> addresses you don't want to route? I don't know how reliable or
>> secure it would be if you can, though.
>
[ ifconfig(8) sets HW-addr]
Obviously it's only usefull in certain types of networks. For example if you
have a switch with hardwired HW-addrs. (There are such switches.)
Or if you only let through a few HW-addrs of machines that are always up,
this should be reasonably safe. (At least you'll be able to tell something
was done from the warnings on the machine whose HW-addr was stolen. Provided
you can lock HW/IP-pairs his TCP/IP-stack will probably be quite confused
from sharing its IP, perhaps enough to make it unusable.)
Reply to: