[Shorewall-newbies] maclist setup

Tom Eastep teastep at shorewall.net
Mon Mar 8 19:19:51 PST 2004


On Mon, 8 Mar 2004, David Shepherd wrote:

> Thanks I will look at that, I did find a solution...I just added this to
> the start file so that it runs to allow access to the 10.1.1.1 address
> which is eth0:
>
> iptables -I eth1_mac -d 10.1.1.1 -j ACCEPT
>
> and eth0 doesn't have net access so they cannot get internet access...I
> will look at that other how to though...Is there anything wrong with
> what I did for a solution?
>

No -- that also works. What I suggest will prevent packets with
destination IP 10.1.1.1 from entring eth1 in the first place.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net


More information about the Shorewall-newbies mailing list