[ previous ] [ next ] [ threads ]
 
 From:  "Dave Evans" <dave dot whangarei at gmail dot com>
 To:  "Peter Allgeyer" <allgeyer at web dot de>
 Cc:  "Monowall List" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] How to track a changing external IP to accessthewebGUI
 Date:  Wed, 20 Jul 2005 01:19:19 +1200
Hi Peter,

Looks like I have more to learn !

> Am Dienstag, den 19.07.2005, 21:18 +1200 schrieb Dave Evans:
>> If you were considering the ability to allow DNS names in rulesets, would
>> the use of (optional) permitted MAC addresses per domain name decrease 
>> the
>> security risk or just be an increase in the configuration overheads with 
>> no
>> real advantage ?
>
> Unfortunately I can't follow you in this point. What is the relationship
> of MAC addresses to domain names? To filter for MAC addresses the
> related hosts must be on the same subnet as of the firewall.
> Furthermore, it's expected that the hosts are connected via ethernet.

From my limited knowledge and expectations...

There will be a small number of (home) sites using dynamic dns themselves 
that will require access to check and or update the mono config from outside 
for work.
I had thought that using https://my_monowall_at_works "real 
world"_IP_address would be sufficient to access it (when/if monowall is 
capable of handling dns names to recognise my changed dynamic IP) but that 
the known MAC address of my home firewall external NIC could be preloaded in 
mono and along with the userid and password be an extra level of validation. 
The domain name must be right, the userid/password must be right, and it 
must also be a valid MAC address, although the IP will be different quite 
often.

Would this approach have any merit ?