Short Wishlist for NethSecurity

@Andy_Wismer

I guess you need to explain why for us normal users.

if DHCP gives out the IP address, wouldn’t a block list help? And if the IP address is set statically, wouldn’t nft blocking the IP also help?

I think it would be a 2 step approach. DHCP + NFT

DHCP will not block anyone with the capabilities of accessing your server.

NFT can - but NFT is not part of DHCP or it’s services. And NFT is easily overcome by spoofing MAC adresses…

That’s all I’m trying to say.

So please stop trying Firewall component arguments against DHCP.

DHCP has the role to offer IP adresses to clients requesting them This can be spoofed easily by anyone with the knowledge - or access to Google…
A simple script, changing MAC and IPs every 10 minutes, let’s see any DHCP block that!
DHCP never has had the duty to block, ban or kick someone, a host or whatever - and never will, as that is not it’s duty.

I am NOT against any security features in NethSecurity.
But DHCP is NOT a Security feature and never will be. It can’t block any potential attacker with a meagre subset of capabilities…

A firewall has always had the duty of protecting networks, limiting access (in both directions!).

Maybe read in detail about how easy MAC spoofing is…

My 2 cents
Andy

Maybe usefull

  • notification of an update of the image
  • history of the automatic updates. Now you only see it is uptodate but can not see what have been updated lately etc…

Useful could be setup a SMTP.
-send email notification
-use as LAN SMTPP to send other’s servers notifications.
-Disk health status and notification.
-Pre configured rules models of common firewall usage.

2 Likes