RE: users bypassing shaper limitation
I have been reading this thread and noticed no one has suggested the MAC
address filtering capabilities in Linux 2.4's new ip tables subsystem. I
hear there are serious problems with using 2.4.x series kernels as a
firewall, though; what are they?
From: Gerard MacNeil [mailto:firstname.lastname@example.org]
Sent: Sunday, July 01, 2001 7:46 AM
Subject: Re: users bypassing shaper limitation
On Sun, 1 Jul 2001 14:30:33 +0300, email@example.com (Sami Haahtinen)
> On Sat, Jun 30, 2001 at 12:07:28PM +0100, Karl E. Jorgensen wrote:
> > Besides, the bad guys may choose not to use DHCP - this is
> > entirely up to the config on the client machines.
> but if you make dynamic firewall rules based on the leases file,
> blocking all outside traffic, it would be efficient enough.
Yes, do routing by host /32 rather than network /24. Or you can subnet
depending on your hardware configuration.
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact