[Shorewall-newbies] A few shorewall questions

Tom Eastep teastep at shorewall.net
Sun Feb 22 08:06:54 PST 2004


On Sunday 22 February 2004 08:02 am, Tom Eastep wrote:
> On Sunday 22 February 2004 01:23 am, David Shepherd wrote:
> > I'm a student network administrator for the condo complex I live in.  I
> > have 2 main questions about shorewall:
> >
> > 1.)  Can the rules/policy config be updated without having to completely
> > restart shorewall?  How would I go about doing this?  Or is this just
> > something that I shouldn't worry about?  I just get easy complaints from
> > the students that live here (being the internet is used 24-7 in a
> > college complex) if the system goes down for even a minute.  I would
> > like to prevent this.
>
> There is no way to do that -- but see FAQ #34
> (http://shorewall.net/FAQ.htm#faq34).
>
> > I will manually remove the old macs, I just want to know if
> > it's possible to add macs to a mac list for an access control.  Only
> > macs on this list are let through, kind of an opposite of blacklist.
>
> What you are asking is possible but again, the maclist is only rebuilt on
> "shorewall restart".
>

Note though that there is nothing preventing your script from inserting a rule 
into the chain ethN_mac where ethN is the internal interface used for 
internet access.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
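
What such a script might look like, as an added example that is not part of the original post and not Shorewall's own code: it validates the interface name and MAC before building the rule for the ethN_mac chain, and skips the insert if the rule is already present. The RETURN target for permitted MACs, the helper names, and the sample MAC are assumptions made for this example.

```shell
#!/bin/sh
# Added example: insert one MAC into Shorewall's per-interface maclist chain
# without "shorewall restart". Assumptions (not from the original post):
# the RETURN target for permitted MACs, and the helper names used here.

H='[0-9A-Fa-f]'   # one hex digit, used as a case pattern below

# Print the canonical (upper-case) MAC, or fail if it is not six hex octets.
normalize_mac() {
    case $1 in
        $H$H:$H$H:$H$H:$H$H:$H$H:$H$H) printf '%s\n' "$1" | tr 'a-f' 'A-F' ;;
        *) return 1 ;;
    esac
}

# Print the chain name for an interface, e.g. eth1 -> eth1_mac.
mac_chain() {
    case $1 in
        ''|*[!A-Za-z0-9]*) return 1 ;;   # refuse anything but a plain name
        *) printf '%s_mac\n' "$1" ;;
    esac
}

# Print the iptables command that would admit MAC $2 on interface $1.
mac_rule_cmd() {
    chain=$(mac_chain "$1") || return 1
    mac=$(normalize_mac "$2") || return 1
    printf 'iptables -I %s -m mac --mac-source %s -j RETURN\n' "$chain" "$mac"
}

# Insert the rule unless an identical one is already in the chain (needs root).
allow_mac() {
    chain=$(mac_chain "$1") || { echo "bad interface: $1" >&2; return 1; }
    mac=$(normalize_mac "$2") || { echo "bad MAC: $2" >&2; return 1; }
    iptables -C "$chain" -m mac --mac-source "$mac" -j RETURN 2>/dev/null && return 0
    iptables -I "$chain" -m mac --mac-source "$mac" -j RETURN
}

# Dry run with a constructed MAC; prints the command without touching netfilter.
mac_rule_cmd eth1 00:a0:c9:15:39:78
```

A rule inserted this way exists only in the running ruleset; since the maclist is rebuilt on "shorewall restart", the same MAC also has to go into the maclist configuration to survive one.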



