Wed, 10 Apr 2002 14:51:44 -0400
> Since you have used "-" as the zone for eth0 in the interfaces file, you
> have to define 'net' somewhere and that 'somewhere' is in the hosts file.
> The documentation that you quoted about the zone contents defaulting to
> all hosts interfacing through a set of interfaces doesn't apply in this
> > While I'm at it, how can I deny rfc1918 ip's in my net zone and
> still accept
> > them in the others? The only thing I've come up with is to filter
> > everything in loc by mac address too.
> I don't see where MAC filtering will help. What threat are you trying to
> protect yourself from?
MAC filtering my loc zone wouldn't keep anyone out of say, my web server,
but it just seems like anything I can do to make sure local users really are
who they say they are would be a good idea. It would be neat if I could
restrict my net zone in my hosts file with something like:
net eth0:0.0.0.0/0 norfc1918
If not, then maybe this would be something worth adding?