Looks like I have more to learn !
> Am Dienstag, den 19.07.2005, 21:18 +1200 schrieb Dave Evans:
>> If you were considering the ability to allow DNS names in rulesets, would
>> the use of (optional) permitted MAC addresses per domain name decrease
>> security risk or just be an increase in the configuration overheads with
>> real advantage ?
> Unfortunately I can't follow you in this point. What is the relationship
> of MAC addresses to domain names? To filter for MAC addresses the
> related hosts must be on the same subnet as of the firewall.
> Furthermore, it's expected that the hosts are connected via ethernet.
From my limited knowledge and expectations...
There will be a small number of (home) sites using dynamic dns themselves
that will require access to check and or update the mono config from outside
I had thought that using https://my_monowall_at_works "real
world"_IP_address would be sufficient to access it (when/if monowall is
capable of handling dns names to recognise my changed dynamic IP) but that
the known MAC address of my home firewall external NIC could be preloaded in
mono and along with the userid and password be an extra level of validation.
The domain name must be right, the userid/password must be right, and it
must also be a valid MAC address, although the IP will be different quite
Would this approach have any merit ?