[Shorewall-newbies] A few shorewall questions

Tom Eastep teastep at shorewall.net
Sun Feb 22 11:31:26 PST 2004

On Sun, 22 Feb 2004, David Shepherd wrote:

> Okay, I will probably just have something that automatically restarts
> shorewall every 24 hours so that maclist will get updated every night.
> Maybe at like 5 am in the morning when our usage is low.  So at least it
> is possible to have the maclist only allow the macs on its list.
>
> When you said this:
>
> > Note though that there is nothing preventing your script from inserting a
> > rule into the chain ethN_mac where ethN is the internal interface used for
> > internet access.
>
> Do you mean instead of using the maclist, should I just insert rules for
> these mac addresses to allow them to access the net?

No, I mean add the MAC to the maclist file (so that it will be there if
you need to restart Shorewall) AND add the rule to the ethN_mac chain (so
that the person can immediately access the net).

Tom Eastep
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
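
The two steps described in the reply above, as an added shell example that is not part of the original message or of Shorewall itself. Assumptions: the maclist file lives at /etc/shorewall/maclist with the columns INTERFACE MAC [IP ADDRESSES], a RETURN rule in the ethN_mac chain is what lets a listed MAC through, and the installed iptables supports -C; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: record a MAC in the maclist file and open it in the running
# firewall at once. Path, file layout and the RETURN target are assumptions.

MACLIST=${MACLIST:-/etc/shorewall/maclist}   # assumed default location
IPTABLES=${IPTABLES:-iptables}

# Succeeds only for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# allow_mac IFACE MAC
allow_mac() {
    iface=$1
    mac=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    # Reject anything that is not a plain interface name or a well-formed MAC
    # before it reaches the config file or the iptables command line.
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 2 ;;
    esac
    valid_mac "$mac" || { echo "bad MAC: $2" >&2; return 2; }

    # Step 1: persist, so the entry survives the next Shorewall restart.
    # Skip the append when the interface/MAC pair is already listed.
    if ! awk -v i="$iface" -v m="$mac" \
        '$1 == i && tolower($2) == m { found = 1 } END { exit !found }' \
        "$MACLIST" 2>/dev/null
    then
        printf '%s\t%s\n' "$iface" "$mac" >> "$MACLIST" || return 1
    fi

    # Step 2: insert into the live ethN_mac chain for immediate access.
    # -C (check) avoids stacking duplicate rules on repeated runs.
    chain="${iface}_mac"
    "$IPTABLES" -C "$chain" -m mac --mac-source "$mac" -j RETURN 2>/dev/null ||
        "$IPTABLES" -I "$chain" -m mac --mac-source "$mac" -j RETURN
}
```

Run as root, for example `allow_mac eth1 00:11:22:aa:bb:cc`, where eth1 stands for the internal interface.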

