From owner-freebsd-hackers  Sat Jun 29 11:17:44 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 88B6C37B401
	for <freebsd-hackers@freebsd.org>; Sat, 29 Jun 2002 11:17:41 -0700 (PDT)
Received: from darkstar.wavenet.com.br (darkstar.wavenet.com.br [200.223.81.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 789C943E0A
	for <freebsd-hackers@freebsd.org>; Sat, 29 Jun 2002 11:17:39 -0700 (PDT)
	(envelope-from jcrr@ieee.org)
Received: (from root@localhost)
	by darkstar.wavenet.com.br (8.12.5/8.12.2) id g5TIK2TO048917;
	Sat, 29 Jun 2002 15:20:02 -0300 (BRT)
Received: from pchome (wv-acc2-ssa-C8B06E1E.brdterra.com.br [200.176.110.30])
	by darkstar.wavenet.com.br (8.12.5/8.12.2av) with SMTP id g5TIJsNI048907;
	Sat, 29 Jun 2002 15:19:55 -0300 (BRT)
Message-ID: <001f01c21f99$3c363cc0$1e6eb0c8@pchome>
From: "Joao Carlos" <jcrr@ieee.org>
To: "Luigi Rizzo" <rizzo@icir.org>,
	"Nielsen" <nielsen@memberwebs.com>
Cc: "Terry Lambert" <tlambert2@mindspring.com>,
	"Ken Ebling" <kebling@us-it.net>, <freebsd-hackers@freebsd.org>
References: <000801c21f1c$029cefe0$0201a8c0@Ken> <3D1D4EB3.9410011@mindspring.com> <20020629170251.65DDB43E13@mx1.FreeBSD.org> <20020629110237.A73787@iguana.icir.org>
Subject: Re: ipfw/dummynet suggestion
Date: Sat, 29 Jun 2002 15:17:24 -0300
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Virus-Scanned: by AMaViS perl-10
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

> several viruses do change the MAC address. The only real
> security is to have one user per port and filter the ports.
> Next step (but not as safe) is to wire down the arp table and only accept
> things that are in there (will be easy to implement in the
> new ipfw)

I think it would be easier to deny all mac address in the ipfw rules except
by those that you know, right?

---
Joao Carlos
jcrr@ieee.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message