I guess you need to explain why for us normal users.
if DHCP gives out the IP address, wouldn’t a block list help? And if the IP address is set statically, wouldn’t nft blocking the IP also help?
I think it would be a 2 step approach. DHCP + NFT
I guess you need to explain why for us normal users.
if DHCP gives out the IP address, wouldn’t a block list help? And if the IP address is set statically, wouldn’t nft blocking the IP also help?
I think it would be a 2 step approach. DHCP + NFT
DHCP will not block anyone with the capabilities of accessing your server.
NFT can - but NFT is not part of DHCP or it’s services. And NFT is easily overcome by spoofing MAC adresses…
That’s all I’m trying to say.
So please stop trying Firewall component arguments against DHCP.
DHCP has the role to offer IP adresses to clients requesting them This can be spoofed easily by anyone with the knowledge - or access to Google…
A simple script, changing MAC and IPs every 10 minutes, let’s see any DHCP block that!
DHCP never has had the duty to block, ban or kick someone, a host or whatever - and never will, as that is not it’s duty.
I am NOT against any security features in NethSecurity.
But DHCP is NOT a Security feature and never will be. It can’t block any potential attacker with a meagre subset of capabilities…
A firewall has always had the duty of protecting networks, limiting access (in both directions!).
Maybe read in detail about how easy MAC spoofing is…
My 2 cents
Andy
Maybe usefull
Useful could be setup a SMTP.
-send email notification
-use as LAN SMTP to send other’s servers notifications.
-Disk health status and notification.
-Pre configured rules models of common firewall usage.
There is already a notification both in the Dashboard and the Updates page: Updates — NethSecurity documentation
It’s already there but without a UI: Mail notifications (SMTP) — NethSecurity documentation
I ment a message by email.
I’ve seen the notification, but you always need to login to see if there is an image update available