
Re: users bypassing shaper limitation



> I have been reading this thread and noticed no one has suggested the MAC
> address filtering capabilities in Linux 2.4's new ip tables subsystem.  I
> hear there are serious problems with using 2.4.x series kernels as a
> firewall, though; what are they?

  I believe the 2.4.x iptable issues were resolved in 2.4.4. The problem
was that allowing FTP connections through the firewall enabled a
resourceful person to also create unauthorized non-FTP TCP connections
which, obviously, defeats the purpose of a firewall.

  I haven't had a chance to play with iptables yet but your suggestion
for using the MAC address sounds reasonable.

Pete


