Re: dhcp altering firewall rules
From: Stephan <chenette () ccs neu edu>
Date: Wed, 9 May 2001 12:24:03 -0400 (EDT)
We do NAT everything. As far as firewall policies go, we are doing
"Securing a computer system has traditionally been a battle of wits:
the penetrator tries to find holes, and the designer tries to close them."
--- M. Gosser ---
On Wed, 9 May 2001, George Capehart wrote:
I was hoping someone could recommend software that could interact with
DHCP and my openBSD firewall rules. I don't want anyone to be able to set
a static IP address and bypass DHCP to get net. I want them to have to
gain their IP address dynamically from DHCP. Once they do that, I want
something to open up a rule in the firewall so that IP address is now an
IP address that can gain access to the outside world.
I've been following this thread and up until now no one has asked the
question, so I guess I will. Why is it important to expose internal IP
addresses to the outside world? In some circles that is actively
frowned upon. Why not do NAT on the traffic? Even SOHO
firewall/routers do NAT. If you expose your inside IP addresses to the
world you're just providing nmappers with a lot of free information . .
George W. Capehart Phone: +1 704.953.1209
Fax: +1 704.853.2624
SMS Messaging: http://www.mobile.att.net/mc/personal/pager_show.html
mailto: 7049531209 () mobile att net
"Does getiud() halt the spawning of child processes?"
firewall-wizards mailing list
firewall-wizards () nfr com