[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: users bypassing shaper limitation

I have been reading this thread and noticed no one has suggested the MAC
address filtering capabilities in Linux 2.4's new ip tables subsystem.  I
hear there are serious problems with using 2.4.x series kernels as a
firewall, though; what are they?

- jsw

-----Original Message-----
From: Gerard MacNeil [mailto:macneil@supercity.ns.ca]
Sent: Sunday, July 01, 2001 7:46 AM
To: debian-isp@lists.debian.org
Subject: Re: users bypassing shaper limitation

On Sun, 1 Jul 2001 14:30:33 +0300, ressu@uusikaupunki.fi (Sami Haahtinen)

> On Sat, Jun 30, 2001 at 12:07:28PM +0100, Karl E. Jorgensen wrote:
> > Besides, the bad guys may choose not to use DHCP - this is
> > entirely up to the config on the client machines.
> but if you make dynamic firewall rules based on the leases file,
> blocking all outside traffic, it would be efficient enough.

Yes, do routing by host /32 rather than network /24.  Or you can subnet
depending on your hardware configuration.

Gerard MacNeil
System Administrator

To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact

Reply to: