[Shorewall-newbies] maclist setup

Tom Eastep teastep at shorewall.net
Mon Mar 8 19:19:51 PST 2004

On Mon, 8 Mar 2004, David Shepherd wrote:

> Thanks I will look at that, I did find a solution...I just added this to
> the start file so that it runs to allow access to the address
> which is eth0:
> iptables -I eth1_mac -d -j ACCEPT
> and eth0 doesn't have net access so they cannot get internet access...I
> will look at that other how to though...Is there anything wrong with
> what I did for a solution?

No -- that also works. What I suggest will prevent packets with
destination IP from entring eth1 in the first place.

Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net

More information about the Shorewall-newbies mailing list