Firewall Wizards mailing list archives
Re: dhcp altering firewall rules
From: Stephan <chenette () ccs neu edu>
Date: Wed, 9 May 2001 12:24:03 -0400 (EDT)
We do NAT everything. As far as firewall policies go, we are doing egress/ingress filtering.

Stephan

"Securing a computer system has traditionally been a battle of wits: the penetrator tries to find holes, and the designer tries to close them." --- M. Gosser ---

On Wed, 9 May 2001, George Capehart wrote:

> Stephan wrote:
>
> > I was hoping someone could recommend software that could interact with DHCP and my OpenBSD firewall rules. I don't want anyone to be able to set a static IP address and bypass DHCP to get net. I want them to have to gain their IP address dynamically from DHCP. Once they do that, I want something to open up a rule in the firewall so that IP address is now an IP address that can gain access to the outside world.
>
> I've been following this thread and up until now no one has asked the question, so I guess I will. Why is it important to expose internal IP addresses to the outside world? In some circles that is actively frowned upon. Why not do NAT on the traffic? Even SOHO firewall/routers do NAT. If you expose your inside IP addresses to the world you're just providing nmappers with a lot of free information . . .
>
> --
> George W. Capehart
> Phone: +1 704.953.1209
> Fax: +1 704.853.2624
> SMS Messaging: http://www.mobile.att.net/mc/personal/pager_show.html or mailto: 7049531209 () mobile att net
>
> "Does getiud() halt the spawning of child processes?"
_______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
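
The mechanism asked about in the quoted message (only addresses that hold a current DHCP lease are allowed out), as an added example that is not from any poster in this thread. It assumes ISC dhcpd's lease file format and a pf table, hypothetically named `dhcp_clients`, that the pass rule references; the lease entries are constructed.

```python
import re
from datetime import datetime, timezone

# Constructed sample in ISC dhcpd.leases syntax (UTC times); not data from the thread.
SAMPLE_LEASES = """
lease 10.0.0.21 {
  starts 3 2001/05/09 10:00:00;
  ends 3 2001/05/09 22:00:00;
}
lease 10.0.0.22 {
  starts 3 2001/05/09 12:00:00;
  ends 3 2001/05/09 20:00:00;
}
lease 10.0.0.21 {
  starts 3 2001/05/09 10:00:00;
  ends 3 2001/05/09 11:30:00;
}
lease 10.0.0.23 {
  starts 3 2001/05/09 15:00:00;
  ends never;
}
"""

FMT = "%Y/%m/%d %H:%M:%S"
LEASE_RE = re.compile(r"lease\s+(\d{1,3}(?:\.\d{1,3}){3})\s*\{(.*?)\}", re.S)
TIME_RE = re.compile(r"\b(starts|ends)\s+(?:\d\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)|(never))\s*;")

def active_leases(text, now):
    """Return sorted IPs whose most recent lease entry covers `now` (tz-aware UTC)."""
    latest = {}
    for ip, body in LEASE_RE.findall(text):
        times = {}
        for key, stamp, never in TIME_RE.findall(body):
            times[key] = None if never else datetime.strptime(stamp, FMT).replace(tzinfo=timezone.utc)
        latest[ip] = times  # the file is an append-only log: the last entry per IP wins
    live = []
    for ip, t in latest.items():
        start = t.get("starts")
        if start is None or "ends" not in t:
            continue  # incomplete entry: fail closed, no firewall access
        if start <= now and (t["ends"] is None or now < t["ends"]):
            live.append(ip)
    return sorted(live, key=lambda ip: tuple(map(int, ip.split("."))))

def pf_table_update(ips, table="dhcp_clients"):
    """Build (not run) the pfctl argv that replaces the table; table name is hypothetical."""
    return ["pfctl", "-t", table, "-T", "replace", *ips]
```

Run from cron or a lease-change hook, the replace operation also drops addresses whose lease was released or expired, so the table never grows stale.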