[Oisf-users] Modifying a rule

James Moe jimoe at sohnen-moe.com
Tue Apr 28 06:30:53 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/27/2015 10:14 PM, Andreas Moe wrote:
> Is there any reason not to block the IP of this device, instead of
> the MAC?
> 
  There is no way to obtain the IP.
  The device gets its IP via DHCP from ... somewhere, probably
built-in to query Dish TV's network. In any case, I have no access to
it. I can see the IP by going to our TV, looking at the network
settings, but there is no guarantee it is ever the same IP.
> 
> As far as i know there is no straight forward method to blocking 
> communication based on MAC addr
> 
  Bummer. My only option then is to disable the SID.
> 
> Also, seeing that this signature should detect something coming
> from EXTERNAL_NET to HOME_NET and the unit you described seems to
> be a unit that is on your HOME_NET.
> 
  No, it is not on the HOME_NET. I have two wi-fi access points: One
provides only a path to the Internet with no connection to the local
net. The other access point does connect to the local net. The
receiver is on the first access point, hence an EXTERNAL_NET.
> 
> Then my question is: have you set your HOME_NET and EXTERNAL_NET
> variables?
> 
  Yes, I have.
    HOME_NET: "[192.168.69.0/24]"
    EXTERNAL_NET: "!$HOME_NET"

- -- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlU/KR0ACgkQzTcr8Prq0ZNY6ACcCafP42h4o4QNdIhwmXI3XScQ
HhMAoKG/9B/FCPYcfz7kzfdqGp7dOhbg
=Lvo1
-----END PGP SIGNATURE-----



More information about the Oisf-users mailing list