From owner-freebsd-questions Thu Apr 5 14:20:56 2001 Delivered-To: freebsd-questions@freebsd.org Received: from cody.jharris.com (cody.jharris.com [205.238.128.83]) by hub.freebsd.org (Postfix) with ESMTP id 0049237B43E for ; Thu, 5 Apr 2001 14:20:49 -0700 (PDT) (envelope-from nick@rogness.net) Received: from localhost (nick@localhost) by cody.jharris.com (8.11.1/8.9.3) with ESMTP id f35MOTN12791; Thu, 5 Apr 2001 17:24:29 -0500 (CDT) (envelope-from nick@rogness.net) Date: Thu, 5 Apr 2001 17:24:29 -0500 (CDT) From: Nick Rogness X-Sender: nick@cody.jharris.com To: ScaryG Cc: Kurtis Smith , freebsd-questions@FreeBSD.ORG Subject: Re: Traffic shaping natd dhcp and ipfw In-Reply-To: <013501c0be14$ab0838c0$0f01a8c0@phantom> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, 5 Apr 2001, ScaryG wrote: > > Ok so what I could do then is stop the DHCPD service > > which would suck for more computers adding to the network > > That depends... > > As I understood it, you wish to control what stations have Internet > access? > > If you use DHCP the stations would get a different IP number each day, and > that kinda destroy your ability to handcuff them on a per machine basis. > > So yes, perhaps not using DHCP may be part of your solution. > > However, next up, can you not determine who has access to your daemons by > using /etc/hosts.deny and /etc/hosts.allow? That would let you limit > telnet, ftp, email. /etc/hosts.deny and hosts.allow only apply to telnet and ftp access TO your BSD machine...not to the rest of the internet. You need to run a firewall to block these types of services going outbound to the internet. Nick Rogness - Keep on Routing in a Free World... "FreeBSD: The Power to Serve!" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message