Date: Thu, 11 Jan 2007 14:04:20 -0800 From: Garrett Cooper <youshi10@u.washington.edu> To: freebsd-questions@freebsd.org Subject: Re: Firewalls and RPC (was "Re: Improvement to IPFilter / nfsd in FBSD (6.2+?)") Message-ID: <45A6B464.5080107@u.washington.edu> In-Reply-To: <DC46B12E-FF56-4C9E-9047-45C034BD55B6@mac.com> References: <45A688C0.2020506@u.washington.edu> <B0288AAB-3220-43C5-AA0D-974F620D103B@mac.com> <45A6A3EF.5030101@u.washington.edu> <1BB74CBD-0BEA-43C7-8635-01AFB790A5AA@mac.com> <45A6B138.7000409@u.washington.edu> <DC46B12E-FF56-4C9E-9047-45C034BD55B6@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chuck Swiger wrote: <snip> > You really don't want to mix machines which are trusted with machines > which are not trusted on the same subnet. If you can't control which > client machines get which IPs, you pretty much cannot use firewall rules > to restrict filesharing only to the legit clients. Excellent point. <snip> > Perhaps you should consider setting up your own private subnet for your > machines, and having a firewall guarding access to your machines which > performs static NAT for the set of five IP addresses you've made claim to. I'm really starting to think that'd be a good idea. Thanks again for the comments--it really helps. - -Garrett -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.1 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFprRBEnKyINQw/HARAo8cAJ4sHIowqgCRbFMv6JDufsowxEDGGACePLKj NqyrOFDj6gbTQscMws0q6zg= =mDqk -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45A6B464.5080107>