[Courses] [Security] Firewalls: Ipchains syntax and implementation

[Terri Oda]

At 10:32 PM 09/04/02 -0700, you wrote:
>At 4/9/02 10:18 PM , Raven, corporate courtesan wrote:
>> > I admit I'm used to the Windows world. We never had problems with NT
>> > Workstations losing their leases if the machines were on -- they renew
>> > automatically.
>>         With Linux, some dhcp clients do and some don't, I think.  I'm
>>not terribly experienced with this one, since the only *nix workstations
>>tended to be the admin boxes with static IPs.
>I must admit, this is the boat I'm in, too. IME, *nix boxes have always 
>had static IPs. Of course, I know that this isn't universal -- lots of 
>people have connected Linux boxes to their old-style ISP using PPP -- it's 
>just that I've personally never run into a dynamic-IPed *nix box.

I've never had *too* much trouble with the dynamic ips themselves... The 
problem is more in the assumption that *nix boxes will have static ips.  I 
know at one place I worked, they switched from static to dynamic and every 
time we had to move a machine around (physically) the person using it 
wouldn't be able to get in to CVS anymore because the authorization 
required the IP to be the same.  I'm sure something else could have been 
worked out, but for the little bit of trouble caused, we mostly just got 
the poor guy maintaining the cvs server to update our ips manually.

I guess the moral of the story is don't make a change from static to 
dynamic unless you've got reason to, since those assumptions may be being 
made.  I don't know why they'd changed the policy, but I do know it wasted 
time for us.  I hope it was saving time for someone and not just "Oh, yeah, 
this is better" with no real reason.

This is true of any change you make to an existing setup, really.

  Terri