[Oisf-users] Modifying a rule

James Moe jimoe at sohnen-moe.com
Tue Apr 28 06:30:53 UTC 2015

Hash: SHA1

On 04/27/2015 10:14 PM, Andreas Moe wrote:
> Is there any reason not to block the IP of this device, instead of
> the MAC?
  There is no way to obtain the IP.
  The device gets its IP via DHCP from ... somewhere, probably
built-in to query Dish TV's network. In any case, I have no access to
it. I can see the IP by going to our TV, looking at the network
settings, but there is no guarantee it is ever the same IP.
> As far as i know there is no straight forward method to blocking 
> communication based on MAC addr
  Bummer. My only option then is to disable the SID.
> Also, seeing that this signature should detect something coming
> from EXTERNAL_NET to HOME_NET and the unit you described seems to
> be a unit that is on your HOME_NET.
  No, it is not on the HOME_NET. I have two wi-fi access points: One
provides only a path to the Internet with no connection to the local
net. The other access point does connect to the local net. The
receiver is on the first access point, hence an EXTERNAL_NET.
> Then my question is: have you set your HOME_NET and EXTERNAL_NET
> variables?
  Yes, I have.
    HOME_NET: "[]"

- -- 
James Moe
moe dot james at sohnen-moe dot com
Version: GnuPG v2


More information about the Oisf-users mailing list