Re: I want to have my cake and eat it too
Hi Jonathan,
this is not directly related to the original poster, but I had to
clarify it.
On Tue, 2003-04-01 at 00:39, Jonathan Oxer wrote:
> Even though you didn't ask for it, another thought in passing: provided
> you get this going by whatever means, and depending on how many internal
> machines you have, you could do MAC address matching in iptables to make
> sure only your nominated machines can get to your proper internal
> addresses. In other words, treat your internal network as hostile, not
This gives a false feeling of security; I can bring up my Ethernet card
with any MAC address I want:
ifconfig eth0 hw ether 01:23:45:67:89:AB 192.168.0.1 up
As much as I like MAC matching with iptables, it is just another barrier
and not too hard to circumvent if you watch ARP packets.
Stefan
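
Added example, not part of the original message: since a MAC allow-list can be satisfied by a reused address, this is a sketch of the ARP bookkeeping (in the spirit of arpwatch) that notices such reuse. The observation tuples, alert names and function names are constructed for illustration; the alerts are heuristics, since virtual machines and randomized addresses also set the locally-administered bit.

```python
from collections import defaultdict

# Constructed sample: (timestamp, sender IP, sender MAC) taken from ARP traffic.
SAMPLE_ARP = [
    (100, "192.168.0.1", "00:11:22:33:44:55"),
    (105, "192.168.0.2", "00:11:22:33:44:66"),
    (160, "192.168.0.7", "00:11:22:33:44:55"),  # known MAC shows up on a second IP
    (200, "192.168.0.2", "02:AA:BB:CC:DD:EE"),  # known IP moves to a different MAC
    (230, "192.168.0.9", "01:23:45:67:89:AB"),  # group bit set in a sender MAC
]


def mac_flags(mac):
    """Return warnings derived from the two low bits of the first octet."""
    first = int(mac.split(":")[0], 16)
    flags = []
    if first & 0x01:
        flags.append("group-bit")             # never valid as a unicast sender
    if first & 0x02:
        flags.append("locally-administered")  # set by software, not a vendor
    return flags


def audit(observations):
    """Walk observations in time order and return (ts, kind, ip, mac) alerts."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in sorted(observations):
        mac = mac.lower()
        for flag in mac_flags(mac):
            alerts.append((ts, flag, ip, mac))
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append((ts, "ip-changed-mac", ip, mac))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append((ts, "mac-on-multiple-ips", ip, mac))
    return alerts


if __name__ == "__main__":
    for alert in audit(SAMPLE_ARP):
        print(*alert)
```
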