In Shorewall, it is simple to use MAC addresses for firewalling.
In /etc/shorewall/rules, to accept, say, FTP from the net to a server in
the dmz:
ACCEPT net dmz tcp 21
But, say you want only a specific host to have FTP access, say your
buddy, who has some MAC like 02:00:08:E3:FA:58 (for
It's possible to take an interface's MAC layer address and change it
arbitrarily. One would also need to worry about ARP attacks.
Unfortunately, I think you'd have the same amount of security with MAC
layer filtering as you would with IP filtering.
Ryan
(for instance)
I am setting up a wireless card under Bering and I wanted to provide limited
access to it. But because I know that eventually the WEP will be cracked
and someone will get an IP address from the DHCPd server, I want to know if
I can redirect all traffic from (example) 192.168.2.0 except
What might work even better would be to match on MAC layer address.
This doesn't protect you from someone spoofing one of your friends' MAC
addresses ... if you're concerned about that, I'd recommend making all
connections go through a VPN, where you can authenticate the user prior
to them being
Sorry ... to expand on the last email I sent, the kind of ipsec
connection you'd want to make is host to subnet or the famous 'Road
Warrior' configuration.
More info here (among other places):
http://leaf.sourceforge.net/devel/mohansundaram/Bering%20VPN%20Howto.htm
Ryan
Joey Officer wrote:
To: Leaf-User [EMAIL PROTECTED]
Sent: Thursday, December 04, 2003 7:45 AM
Subject: [leaf-user] DNS Redirection
I am setting up a wireless card under Bering and I wanted to provide limited
access to it. But because I know that eventually the WEP will be cracked
and someone will get an IP
Joey
Joey Officer wrote the following at 15:45 04.12.2003:
I am setting up a wireless card under Bering and I wanted to provide limited
access to it. But because I know that eventually the WEP will be cracked
and someone will get an IP address from the DHCPd server, I want to know if
I can