Firewalls and RPC (was "Re: Improvement to IPFilter / nfsd in
FBSD (6.2+?)")
Garrett Cooper
youshi10 at u.washington.edu
Thu Jan 11 22:06:02 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chuck Swiger wrote:
<snip>
> You really don't want to mix machines which are trusted with machines
> which are not trusted on the same subnet. If you can't control which
> client machines get which IPs, you pretty much cannot use firewall rules
> to restrict filesharing only to the legit clients.
Excellent point.
<snip>
> Perhaps you should consider setting up your own private subnet for your
> machines, and having a firewall guarding access to your machines which
> performs static NAT for the set of five IP addresses you've made claim to.
I'm really starting to think that'd be a good idea. Thanks again for the
comments--it really helps.
- -Garrett
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.1 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFprRBEnKyINQw/HARAo8cAJ4sHIowqgCRbFMv6JDufsowxEDGGACePLKj
NqyrOFDj6gbTQscMws0q6zg=
=mDqk
-----END PGP SIGNATURE-----
More information about the freebsd-questions
mailing list