I have been reading this thread and noticed no one has suggested the MAC address filtering capabilities in Linux 2.4's new iptables subsystem. I hear there are serious problems with using 2.4.x series kernels as a firewall, though; what are they?

- jsw

-----Original Message-----
From: Gerard MacNeil [mailto:[EMAIL PROTECTED]
Sent: Sunday, July 01, 2001 7:46 AM
To: debian-isp@lists.debian.org
Subject: Re: users bypassing shaper limitation

On Sun, 1 Jul 2001 14:30:33 +0300, [EMAIL PROTECTED] (Sami Haahtinen) wrote:
> On Sat, Jun 30, 2001 at 12:07:28PM +0100, Karl E. Jorgensen wrote:
> > Besides, the bad guys may choose not to use DHCP - this is
> > entirely up to the config on the client machines.
>
> but if you make dynamic firewall rules based on the leases file,
> blocking all outside traffic, it would be efficient enough.

Yes, do routing by host /32 rather than network /24. Or you can subnet depending on your hardware configuration.

Gerard MacNeil
System Administrator
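
The leases-file idea quoted above, combined with the iptables MAC match raised at the top of this message, as an added example that is not code from anyone in the thread. It assumes an ISC dhcpd.leases file; the chain name LEASED and the sample leases are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample, condensed to one lease per line (dhcpd writes one statement per line).
SAMPLE_LEASES = """\
lease 192.168.1.10 { ends 0 2001/07/01 22:00:00; binding state active; hardware ethernet 00:10:5a:aa:bb:01; }
lease 192.168.1.11 { ends 6 2001/06/30 20:00:00; binding state active; hardware ethernet 00:10:5a:aa:bb:02; }
lease 192.168.1.12 { ends 0 2001/07/01 21:00:00; binding state active; hardware ethernet 00:10:5a:aa:bb:03; }
lease 192.168.1.12 { ends 0 2001/07/01 11:00:00; binding state free; hardware ethernet 00:10:5a:aa:bb:03; }
lease 192.168.1.14 { ends 0 2001/07/01 23:00:00; binding state active; hardware ethernet 00:10:5a:aa:bb:04; }
"""

LEASE_RE = re.compile(r"lease\s+(\d+\.\d+\.\d+\.\d+)\s*\{(.*?)\}", re.S)
ENDS_RE = re.compile(r"ends\s+\d+\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);")
MAC_RE = re.compile(r"hardware ethernet\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2});", re.I)
STATE_RE = re.compile(r"(?<![a-z] )binding state\s+(\w+);")  # skips "next binding state"

def active_leases(text, now):
    """Return {ip: mac} for leases that are active and unexpired at `now` (UTC)."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        leases.pop(ip, None)  # dhcpd appends, so a later entry replaces earlier ones
        ends, mac, state = ENDS_RE.search(body), MAC_RE.search(body), STATE_RE.search(body)
        if not (ends and mac):
            continue  # no MAC or no parseable expiry ("ends never"): fail closed
        if state and state.group(1) != "active":
            continue
        expiry = datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S")
        if expiry.replace(tzinfo=timezone.utc) > now:  # lease times are UTC
            leases[ip] = mac.group(1).upper()
    return leases

def iptables_rules(leases, chain="LEASED"):
    """Rebuild `chain` (hypothetical name): accept leased IP/MAC pairs, drop the rest."""
    rules = [f"iptables -F {chain}"]
    for ip, mac in sorted(leases.items()):
        rules.append(f"iptables -A {chain} -s {ip}/32 -m mac --mac-source {mac} -j ACCEPT")
    rules.append(f"iptables -A {chain} -j DROP")
    return rules

if __name__ == "__main__":
    now = datetime(2001, 7, 1, 12, 0, 0, tzinfo=timezone.utc)  # constructed "current" time
    print("\n".join(iptables_rules(active_leases(SAMPLE_LEASES, now))))
```

The chain only takes effect once FORWARD jumps to it for traffic arriving on the internal interface. Matching on the IP/MAC pair stops a host that simply configures a static address, but a client that copies a leased pair still passes.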