[TriLUG] fIREWALL QUESTION
Jim Ray
jim at neuse.net
Fri Jan 3 11:36:50 EST 2003
Having that degree of granularity at the mac level darn sure eliminates
ip spoofing as a root cause of security breach...until someone comes up
with mac spoofing.
> -----Original Message-----
> From: Tanner Lovelace [mailto:lovelace at wayfarer.org]
> Sent: Friday, January 03, 2003 11:34 AM
> To: trilug at trilug.org
> Subject: RE: [TriLUG] fIREWALL QUESTION
>
> On Fri, 2003-01-03 at 11:30, Jim Ray wrote:
> > Please correct me if I'm wrong; however, me thinks firewalls in general
> > do not operate at the arp/mac level but rather ip and the next layer
> > (tcp, udp). All the arp/mac stuff takes place at a lower network layer
> > and should not enter the firewall picture at all.
> >
> > I've never seen any settings for arp/mac stuff in any firewall I've ever
> > used. Plenty of settings for ip and port stuff, though.
>
> Actually, what I think he meant was, can a linux box ask for and
> receive packets for a particular mac address (presumably not its
> own) and then once it has them, subject them to its firewall setup.
>
> Ryan, I've never done it myself, but you might try looking for
> something called proxyarp. I think that will do what you want.
>
> Good luck,
> Tanner
> --
> Tanner Lovelace | lovelace(at)wayfarer.org | http://wtl.wayfarer.org/
> --*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
> GPG Fingerprint = A66C 8660 924F 5F8C 71DA BDD0 CE09 4F8E DE76 39D4
> GPG Key can be found at http://wtl.wayfarer.org/lovelace.gpg.asc
> --*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
> Those who are willing to sacrifice essential liberties for a little
> order, will lose both and deserve neither. -- Benjamin Franklin
>
> History teaches that grave threats to liberty often come in times
> of urgency, when constitutional rights seem too extravagant to
> endure. -- Justice Thurgood Marshall, 1989