Date: Fri, 28 Dec 2001 11:49:28 -0800 From: Phil Staub <phils@ke7hc.net> To: security@FreeBSD.ORG Subject: Re: ipfw by MAC Message-ID: <20011228114927.A43549@ke7hc.net> In-Reply-To: <20011227231154.M2090@blossom.cjclark.org>; from cjc@FreeBSD.ORG on Thu, Dec 27, 2001 at 11:11:54PM -0800 References: <Pine.LNX.4.21.0112271901160.15564-100000@ocis.ocis.net> <20011227231154.M2090@blossom.cjclark.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Dec 27, 2001 at 11:11:54PM -0800, Crist J . Clark wrote: > On Thu, Dec 27, 2001 at 07:02:02PM -0800, John F Cuzzola wrote: > > > > Hi there, > > > > Does the latest version of FreeBSD allow you to create ipfw rules based > > on MAC address instead of IP? > > No. This sort of prompts a question I've been wondering about since the @Home->attbi.com transition: Has anyone addressed the issue of configuring a firewall with a DHCP-assigned outside IP address? I had been using hard-coded IP addresses in my firewall, because even though @Home was theoretically using DHCP for IP address assignment, it never changed, and the lease timeout was set really long, (I think it was a month or more) so "pretending" to have a static IP worked ok. When I was switched to attbi.com, the DHCP lease period has been reduced to 2 days, increasing the probability that someday my link will be down when it comes time for a lease renewal, and I'm assuming that I very likely would get a different IP address when the link returns. If that happens, it means reworking the firewall rules with the new IP address. Not an incredible burden, given the generally good uptime I've experienced with the cable modem, but if it could be eliminiated or automated, I'd like to do so. I suppose that tying the firewall rules to the MAC address would be one way of doing that, but since that isn't supported, I'm curious if anyone has come up with a different way of doing it. Thanks, Phil -- Phil Staub, KE7HC phils@ke7hc.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011228114927.A43549>