Mmm... secure NFS. Hope that happens.
Anyway, I got snookered into trying to build a bridge firewall for our wireless network. At this point, I can do a bridge or a firewall, but a bridge firewall is currently not working. I guess I have to patch the kernel to bring the bridging code up a layer and push the whole mess through an IP filter of some kind (ipchains, iptables, ipfilter).
We want to be able to filter out data from unknown MAC addresses. This is possible to do directly on the wireless gateways, but that would require keeping several boxes in sync, and those things have fairly limited amounts of memory, so keeping large tables of addresses is not easy to do.
I'm not sure how possible this is. If *BSD can do it, maybe that will finally convince me to try it. However, it may just be easier to re-number a subnet and use a more traditional router setup.
Linux 2.4 is the only OS I know of that has built-in filters for MAC addresses. Of course, I only took a very quick look at IP Filter... Perhaps there's something obvious that I'm missing.
Posted by mike at June 7, 2001 09:39 PM | Old Advogato Diary