[Shorewall-newbies] A few shorewall questions
sdave at ufl.edu
Sun Feb 22 11:40:34 PST 2004
What is the ethN_mac chain? What file is that or how do I go about
doing that? I'm going to do some searching on your website for it but
if you could point me in the right direction that would be great. I am
very new to this and I appreciate your quick responses.
From: Tom Eastep [mailto:teastep at shorewall.net]
Sent: Sunday, February 22, 2004 2:31 PM
To: David Shepherd
Cc: shorewall-newbies at lists.shorewall.net
Subject: RE: [Shorewall-newbies] A few shorewall questions
On Sun, 22 Feb 2004, David Shepherd wrote:
> Okay, I will probably just have something that automatically restarts
> shorewall every 24 hours so that maclist will get updated every night.
> Maybe at like 5 am in the morning when our usage is low. So at least
> is possible to have the maclist only allow the macs on its list.
> > When you said this:
> > Note though that there is nothing preventing your script from
> inserting a > rule into the chain ethN_mac where ethN is the internal
> interface used for > internet access.
> Do you mean instead of using the maclist, should I just insert rules
> these mac addresses to allow them to access the net?
No, I mean add the MAC to the maclist file (so that it will be there if
you need to restart Shorewall) AND add the rule to the ethN_mac chain
that the person can immediately access the net).
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net
More information about the Shorewall-newbies