From owner-freebsd-hackers Sat Jun 29 11:17:44 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 88B6C37B401 for ; Sat, 29 Jun 2002 11:17:41 -0700 (PDT) Received: from darkstar.wavenet.com.br (darkstar.wavenet.com.br [200.223.81.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 789C943E0A for ; Sat, 29 Jun 2002 11:17:39 -0700 (PDT) (envelope-from jcrr@ieee.org) Received: (from root@localhost) by darkstar.wavenet.com.br (8.12.5/8.12.2) id g5TIK2TO048917; Sat, 29 Jun 2002 15:20:02 -0300 (BRT) Received: from pchome (wv-acc2-ssa-C8B06E1E.brdterra.com.br [200.176.110.30]) by darkstar.wavenet.com.br (8.12.5/8.12.2av) with SMTP id g5TIJsNI048907; Sat, 29 Jun 2002 15:19:55 -0300 (BRT) Message-ID: <001f01c21f99$3c363cc0$1e6eb0c8@pchome> From: "Joao Carlos" To: "Luigi Rizzo" , "Nielsen" Cc: "Terry Lambert" , "Ken Ebling" , References: <000801c21f1c$029cefe0$0201a8c0@Ken> <3D1D4EB3.9410011@mindspring.com> <20020629170251.65DDB43E13@mx1.FreeBSD.org> <20020629110237.A73787@iguana.icir.org> Subject: Re: ipfw/dummynet suggestion Date: Sat, 29 Jun 2002 15:17:24 -0300 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Virus-Scanned: by AMaViS perl-10 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > several viruses do change the MAC address. The only real > security is to have one user per port and filter the ports. > Next step (but not as safe) is to wire down the arp table and only accept > things that are in there (will be easy to implement in the > new ipfw) I think it would be easier to deny all mac address in the ipfw rules except by those that you know, right? --- Joao Carlos jcrr@ieee.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message