[Shorewall-newbies] SOURCE in rules
jalmeida at math.ist.utl.pt
Mon Dec 8 19:24:18 PST 2003
On Mon, 8 Dec 2003, Francesca C Smith wrote:
> 1: Use two rules
> ACCEPT net:~some_mac net fw tcp 22
> ACCEPT net:some_ip net fw tcp 22
The doc at http://www.shorewall.net/Documentation.htm#Rules suggests that
a comma separated list would be OK, but I was not sure whether the
qualifiers have cumulative effect or are alternatives...
> 2. Use the maclist functionality to do this ..
> The latter link seems to be a bit hard to find ..
Actually, I had found it :)
But I want to force MAC verification only for connections to certain
ports, not for all connections from the net zone to the fw zone. That is
why the natural place for this directive would appear to be the rules
file. If this is not possible, maybe a possible solution would be to
define a special zone including the computers which should be subject
to MAC verification; since this special zone and net would both
correspond to eth0, they had to be defined in the hosts file; the
problem is: how can I define the net zone, which corresponds to all NICs
except the ones corresponding to the special zone?