On Wed, Jul 04, 2001 at 09:48:20PM -0700, Wolfgang Rupprecht wrote:
> For one thing, I'm still afraid to allow an0 to be an "internal"
> interface without the full firewall rules active.  Nowhere can I find
> any assurances that only WEP packets will be accepted when WEP is
> active.  (I was hoping that automated daily WEP key changes would
> allow me to NFS mount home directories.)

Umm... WEP's not buying you much security anyway. Certainly not
enough to trust NFS of anything important unless it's also going
over IPSec or an ssh tunnel.

See http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

(When I still had a working laptop--anybody got a spare screen for a
Thinkpad 760ED?--I was using WEP strictly for authentication, where
it's still somewhat useful, to keep unwanted users off the network
reasonably well, and I'd recommend that's all you trust it for
too.)

-- 
       ~ g r @ eclipsed.net