[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: users bypassing shaper limitation

On Sun, 1 Jul 2001 15:59:34 -0400, "Jeff S Wheeler" <jsw@five-elements.com> wrote:

> I have been reading this thread and noticed no one has suggested the MAC
> address filtering capabilities in Linux 2.4's new ip tables subsystem. 

There is no requirement to run 2.4.x and iptables, nor iproute2, to accomplish the policy implementation that was specified.  The administrative policy is bandwith control over a defined set of IP addresses.  That policy is being circumvented with the current configuration by the whizkids.  It is up to the tech to implement a solution.

Beside, I'm sure I have a MAC address changer utility (or is that a feature of iproute2) that I downloaded sometime in the past.  The same whizkids would use it and circumvent the policy based on MAC addresses with it ... although it would be a trickier thing to accomplish.  I think I have read on some mailing list that it is quite a security issue with PPPoE and some wireless connections.

Gerard MacNeil
System Administrator

Reply to: