[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: I want to have my cake and eat it too

Hi Jonathan,
this is not directly related to the original poster, but I had to
clarify it.

On Tue, 2003-04-01 at 00:39, Jonathan Oxer wrote:
> Even though you didn't ask for it, another thought in passing: provided
> you get this going by whatever means, and depending on how many internal
> machines you have, you could do MAC address matching in iptables to make
> sure only your nominated machines can get to your proper internal
> addresses. In other words, treat your internal network as hostile, not

This gives a false feeling of security, I can bring up my ethernetcard
with any MAC address I want:

ifconfig eth0 hw ether 01:23:45:67:89:AB up

As much as I like MAC matching with iptables, it is just another barrier
and not too hard to circumvent if you watch ARP packets..


Reply to: