Having that degree of granularity at the mac level darn sure eliminates ip spoofing as a root cause of security breech...until someone comes up with mac spoofing.
> -----Original Message----- > From: Tanner Lovelace [mailto:[EMAIL PROTECTED]] > Sent: Friday, January 03, 2003 11:34 AM > To: [EMAIL PROTECTED] > Subject: RE: [TriLUG] fIREWALL QUESTION > > On Fri, 2003-01-03 at 11:30, Jim Ray wrote: > > Please correct me if I'm wrong; however, me thinks firewalls in general > > do not operate at the arp/mac level but rather ip and the next layer > > (tcp, udp). All the arp/mac stuff takes place at a lower network layer > > and should not enter the firewall picture at all. > > > > I've never seen any settings for arp/mac stuff in any firewall I've ever > > used. Plenty of settings for ip and port stuff, though. > > Actually, what I think he meant was, can a linux box ask for and > receive packets for a particular mac address (presumably not its > own) and then once it has them, subject them to its firewall setup. > > Ryan, I've never done it myself, but you might try looking for > something called proxyarp. I think that will do what you want. > > Good luck, > Tanner > -- > Tanner Lovelace | lovelace(at)wayfarer.org | http://wtl.wayfarer.org/ > --*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*-- > GPG Fingerprint = A66C 8660 924F 5F8C 71DA BDD0 CE09 4F8E DE76 39D4 > GPG Key can be found at http://wtl.wayfarer.org/lovelace.gpg.asc > --*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*-- > Those who are willing to sacrifice essential liberties for a little > order, will lose both and deserve neither. -- Benjamin Franklin > > History teaches that grave threats to liberty often come in times > of urgency, when constitutional rights seem too extravagant to > endure. -- Justice Thurgood Marshall, 1989 _______________________________________________ TriLUG mailing list http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ: http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
