[Shorewall-newbies] A few shorewall questions
teastep at shorewall.net
Sun Feb 22 11:31:26 PST 2004
On Sun, 22 Feb 2004, David Shepherd wrote:
> Okay, I will probably just have something that automatically restarts
> shorewall every 24 hours so that maclist will get updated every night.
> Maybe at like 5 am in the morning when our usage is low. So at least it
> is possible to have the maclist only allow the macs on its list.
> > When you said this:
> > Note though that there is nothing preventing your script from
> inserting a > rule into the chain ethN_mac where ethN is the internal
> interface used for > internet access.
> Do you mean instead of using the maclist, should I just insert rules for
> these mac addresses to allow them to access the net?
No, I mean add the MAC to the maclist file (so that it will be there if
you need to restart Shorewall) AND add the rule to the ethN_mac chain (so
that the person can immediately access the net).
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net
More information about the Shorewall-newbies