From owner-freebsd-hackers Sun May 17 20:52:49 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA24489 for freebsd-hackers-outgoing; Sun, 17 May 1998 20:52:49 -0700 (PDT) (envelope-from owner-freebsd-hackers@FreeBSD.ORG) Received: from mail.atipa.com (altrox.atipa.com [208.128.22.34]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id UAA24470 for ; Sun, 17 May 1998 20:52:22 -0700 (PDT) (envelope-from freebsd@atipa.com) Received: (qmail 1837 invoked by uid 1017); 18 May 1998 02:49:46 -0000 Date: Sun, 17 May 1998 20:49:46 -0600 (MDT) From: Atipa To: Terry Lambert cc: Capriotti , hackers@FreeBSD.ORG Subject: Re: DHCP In-Reply-To: <199805172046.NAA29488@usr05.primenet.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > By default, you will want to disable all ports (ports map to services), > and enable ports on a case-by-case basis, per machine. This will need to be done afer DHCP is loaded, or else you'll never get off the ground. rc.firewall I would think would need to allow lo0 packets and anything from the DHCP server, then after getting your addresses and such, build another firewall script dynamically that is more stringent. > The above all presumes, of course, that you are running the DHCP server > on the FreeBSD box, and NOT on the NT box. If you need to run the DHCP > server on the NT box, then you will be forced to buy a third party > firewall package from someone who has probably paid a *LOT* of money > to license NT source code, and wants to make that money back. Given > NT source license fees, I'd expect the price to be in the tens of > thousands of dollars. > Note: there is Samba code that allows a FreeBSD box to act as an NT > domain controller, so if the reason you have to use NT is because of > domain controller services, then you don't have to use NT like you > thought you did. This is still BETA at best, and not very useful for a production environment. Still, it is a great first step. Once it is fully functional, adminning these crap-o `95 machines will be MUCH nicer! Kevin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message