Firewall Wizards mailing list archives

Re: dhcp altering firewall rules
From: George Capehart <capegeo () opengroup org>
Date: Wed, 09 May 2001 06:41:41 +0800

Stephan wrote:

I was hoping someone could recommend software that could interact with
DHCP and my OpenBSD firewall rules. I don't want anyone to be able to set
a static IP address and bypass DHCP to get net. I want them to have to
gain their IP address dynamically from DHCP. Once they do that, I want
something to open up a rule in the firewall so that IP address is now an
IP address that can gain access to the outside world.

I've been following this thread and up until now no one has asked the
question, so I guess I will.  Why is it important to expose internal IP
addresses to the outside world?  In some circles that is actively
frowned upon.  Why not do NAT on the traffic?  Even SOHO
firewall/routers do NAT.  If you expose your inside IP addresses to the
world you're just providing nmappers with a lot of free information . .

George W. Capehart                               Phone:  +1 704.953.1209
                                                   Fax:  +1 704.853.2624

SMS Messaging:  http://www.mobile.att.net/mc/personal/pager_show.html
                mailto:  7049531209 () mobile att net

"Does getiud() halt the spawning of child processes?"