Re: users bypassing shaper limitation
> I have been reading this thread and noticed no one has suggested the MAC
> address filtering capabilities in Linux 2.4's new ip tables subsystem. I
> hear there are serious problems with using 2.4.x series kernels as a
> firewall, though; what are they?
I believe the 2.4.x iptable issues were resolved in 2.4.4. The problem
was that allowing FTP connections through the firewall enabled a
resourceful person to also create unauthorized non-FTP TCP connections
which, obviously, defeats the purpose of a firewall.
I haven't had a chance to play with iptables yet but your suggestion
for using the MAC address sounds reasonable.
Pete
Reply to: