RE: users bypassing shaper limitation



I have been reading this thread and noticed no one has suggested the MAC
address filtering capabilities in Linux 2.4's new iptables subsystem.  I
hear there are serious problems with using 2.4.x series kernels as a
firewall, though; what are they?

- jsw


-----Original Message-----
From: Gerard MacNeil [mailto:macneil@supercity.ns.ca]
Sent: Sunday, July 01, 2001 7:46 AM
To: debian-isp@lists.debian.org
Subject: Re: users bypassing shaper limitation


On Sun, 1 Jul 2001 14:30:33 +0300, ressu@uusikaupunki.fi (Sami Haahtinen)
wrote:

> On Sat, Jun 30, 2001 at 12:07:28PM +0100, Karl E. Jorgensen wrote:
> > Besides, the bad guys may choose not to use DHCP - this is
> > entirely up to the config on the client machines.
>
> but if you make dynamic firewall rules based on the leases file,
> blocking all outside traffic, it would be efficient enough.

Yes, do routing by host /32 rather than network /24.  Or you can subnet
depending on your hardware configuration.

Gerard MacNeil
System Administrator
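
The two suggestions in this thread (firewall rules built from the leases file, and iptables MAC matching) combined in one sketch; this is an added example, not code from any poster. It assumes ISC dhcpd's `dhcpd.leases` syntax and a hypothetical user chain named `LEASED` that `FORWARD` jumps to for traffic arriving from the client network; the lease data is constructed.

```python
import re
from datetime import datetime

# Constructed sample in ISC dhcpd.leases syntax (assumed format; times are UTC).
SAMPLE_LEASES = """\
lease 192.168.1.10 {
  starts 0 2001/07/01 08:00:00;
  ends 0 2001/07/01 20:00:00;
  hardware ethernet 00:10:5a:aa:bb:01;
}
lease 192.168.1.11 {
  starts 6 2001/06/30 08:00:00;
  ends 6 2001/06/30 20:00:00;
  hardware ethernet 00:10:5a:aa:bb:02;
}
lease 192.168.1.10 {
  starts 0 2001/07/01 12:00:00;
  ends 1 2001/07/02 00:00:00;
  hardware ethernet 00:10:5a:aa:bb:03;
}
"""

LEASE_RE = re.compile(r"lease\s+(\d+\.\d+\.\d+\.\d+)\s*\{(.*?)\}", re.S)
ENDS_RE = re.compile(r"ends\s+\d+\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);")
MAC_RE = re.compile(r"hardware ethernet\s+((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2});")

def active_leases(text, now):
    """Return {ip: mac} for unexpired leases. The file is an append-only log,
    so the last entry for an IP replaces any earlier one."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        ends, mac = ENDS_RE.search(body), MAC_RE.search(body)
        leases.pop(ip, None)  # newer entry supersedes the older binding
        if ends and mac and datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S") > now:
            leases[ip] = mac.group(1).lower()
    return leases

def chain_rules(leases, chain="LEASED"):
    """Allow only leased IP/MAC pairs (one /32 per host), drop everything else."""
    rules = [f"iptables -F {chain}"]
    for ip, mac in sorted(leases.items()):
        rules.append(f"iptables -A {chain} -s {ip}/32 -m mac --mac-source {mac} -j ACCEPT")
    rules.append(f"iptables -A {chain} -j DROP")
    return rules

if __name__ == "__main__":
    now = datetime(2001, 7, 1, 13, 0, 0)  # fixed time so the sample is reproducible
    print("\n".join(chain_rules(active_leases(SAMPLE_LEASES, now))))
```

A client that configures an address by hand never appears in the leases file, so its traffic reaches the final DROP rule.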

