Firewall Wizards mailing list archives

Re: dhcp altering firewall rules


From: Stephan <chenette () ccs neu edu>
Date: Wed, 9 May 2001 12:24:03 -0400 (EDT)


We do NAT everything. As far as firewall policies go, we are doing
egress/ingress filtering.

Stephan

"Securing a computer system has traditionally been a battle of wits:
the penetrator tries to find holes, and the designer tries to close them."
--- M. Gosser ---

On Wed, 9 May 2001, George Capehart wrote:

Stephan wrote:

I was hoping someone could recommend software that could interact with
DHCP and my openBSD firewall rules. I don't want anyone to be able to set
a static IP address and bypass DHCP to get net. I want them to have to
gain their IP address dynamically from DHCP. Once they do that, I want
something to open up a rule in the firewall so that IP address is now an
IP address that can gain access to the outside world.


I've been following this thread and up until now no one has asked the
question, so I guess I will.  Why is it important to expose internal IP
addresses to the outside world?  In some circles that is actively
frowned upon.  Why not do NAT on the traffic?  Even SOHO
firewall/routers do NAT.  If you expose your inside IP addresses to the
world you're just providing nmappers with a lot of free information . . .
--
George W. Capehart                               Phone:  +1 704.953.1209
                                                   Fax:  +1 704.853.2624

SMS Messaging:  http://www.mobile.att.net/mc/personal/pager_show.html
                or
                mailto:  7049531209 () mobile att net

"Does getiud() halt the spawning of child processes?"


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

