Date: Sat, 29 Jun 2002 11:02:37 -0700 From: Luigi Rizzo <rizzo@icir.org> To: Nielsen <nielsen@memberwebs.com> Cc: Terry Lambert <tlambert2@mindspring.com>, Ken Ebling <kebling@us-it.net>, freebsd-hackers@FreeBSD.ORG Subject: Re: ipfw/dummynet suggestion Message-ID: <20020629110237.A73787@iguana.icir.org> In-Reply-To: <20020629170251.65DDB43E13@mx1.FreeBSD.org>; from nielsen@memberwebs.com on Sat, Jun 29, 2002 at 10:02:51AM -0700 References: <000801c21f1c$029cefe0$0201a8c0@Ken> <3D1D4EB3.9410011@mindspring.com> <20020629170251.65DDB43E13@mx1.FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Jun 29, 2002 at 10:02:51AM -0700, Nielsen wrote: > Usually remote MAC address. It's used for restricting users on a subnet. I > have an ugly hack that does this at present and am looking forward to the > MAC address support. Yes, I know users can conceivably change their MAC THERE IS MAC SUPPORT IN THE NEW IPFW!!! > addresses but most would never know how. They change their IP addresses to several viruses do change the MAC address. The only real security is to have one user per port and filter the ports. Next step (but not as safe) is to wire down the arp table and only accept things that are in there (will be easy to implement in the new ipfw) cheers luigi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020629110237.A73787>