On Tue, Jun 29, 2004 at 02:09:36PM +0545, Ritesh Raj Sarraf wrote: > I think I've got a little confused. For example I hit the following: > > iptables -P FORWARD DROP > iptables -A FORWARD -s xx:xx:xx:xx -o eth0 -j MASQUERADE > xx would be the hardware address. > Now wouldn't he be able to change the ip and still be connected because he still has > the same hardware mac address and consume more bandwidth. Note: I limit bandwidth on > ip basis using rshaper. > If i'm not wrong, the solution I feel is to block bandwidth on MAC address. If later > the customer tries changing the ethernet card, my iptable rule won't allow packets > to be forwarded. Right ? > > I think I'm right now. > Thanks for all helpful suggestions. > > Ritesh Hi Ritesh, exactly which kind of security does this place have? you expect people to gain administrative access to change ip settings and people to open up pc to change network cards? I think you either have more problems that bandwidth or you are just being to paranoid. -Kev
signature.asc
Description: Digital signature
