From owner-freebsd-hackers  Sat Jun 29 11: 2:48 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BBA9E37B400
	for <freebsd-hackers@FreeBSD.ORG>; Sat, 29 Jun 2002 11:02:41 -0700 (PDT)
Received: from iguana.icir.org (iguana.icir.org [192.150.187.36])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 47AB543E09
	for <freebsd-hackers@FreeBSD.ORG>; Sat, 29 Jun 2002 11:02:41 -0700 (PDT)
	(envelope-from rizzo@iguana.icir.org)
Received: (from rizzo@localhost)
	by iguana.icir.org (8.11.6/8.11.3) id g5TI2bX73842;
	Sat, 29 Jun 2002 11:02:37 -0700 (PDT)
	(envelope-from rizzo)
Date: Sat, 29 Jun 2002 11:02:37 -0700
From: Luigi Rizzo <rizzo@icir.org>
To: Nielsen <nielsen@memberwebs.com>
Cc: Terry Lambert <tlambert2@mindspring.com>,
	Ken Ebling <kebling@us-it.net>, freebsd-hackers@FreeBSD.ORG
Subject: Re: ipfw/dummynet suggestion
Message-ID: <20020629110237.A73787@iguana.icir.org>
References: <000801c21f1c$029cefe0$0201a8c0@Ken> <3D1D4EB3.9410011@mindspring.com> <20020629170251.65DDB43E13@mx1.FreeBSD.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20020629170251.65DDB43E13@mx1.FreeBSD.org>; from nielsen@memberwebs.com on Sat, Jun 29, 2002 at 10:02:51AM -0700
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

On Sat, Jun 29, 2002 at 10:02:51AM -0700, Nielsen wrote:
> Usually remote MAC address. It's used for restricting users on a subnet. I
> have an ugly hack that does this at present and am looking forward to the
> MAC address support. Yes, I know users can conceivably change their MAC

THERE IS MAC SUPPORT IN THE NEW IPFW!!!

> addresses but most would never know how. They change their IP addresses to

several viruses do change the MAC address. The only real
security is to have one user per port and filter the ports.
Next step (but not as safe) is to wire down the arp table and only accept
things that are in there (will be easy to implement in the
new ipfw)

	cheers
	luigi


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message