[Shorewall-users] [Fwd: Re: [Shorewall-devel] An idea]
18 Jan 2002 16:36:27 -0800
Oops! It was meant for the list. Sorry. See message below.
Subject: Re: [Shorewall-devel] An idea
From: Pascal DeMilly <firstname.lastname@example.org>
To: Tom Eastep <email@example.com>
Date: 18 Jan 2002 11:58:12 -0800
Could it be the right place to add MAC matching? So if an address looks
like a MAC address it could be filtered?
Just an idea!
On Fri, 2002-01-18 at 09:08, Tom Eastep wrote:
> A recent request to provide a way to block access to certain websites (banner
> ads) led me to an idea.
> a) A new directory /etc/shorewall/lists
> b) In this directory, are files containing lists of IP addresses and/or
> c) a new JUMP rule:
> JUMP:list1 loc net tcp http
> d) By default, matching in the list would be by destination address and if a
> match was found, the connection request would be REJECTed
> e) The default behavior could be overridden through entries in a list:
> for example would match on the source address and would accept the
> connection request.
> f) Multiple match and disposition specifications could be in a file:
> would accept requests from 126.96.36.199 and from 188.8.131.52/24 and would reject
> all other requests.
> g) Lists could themselves have JUMP commands embedded (iptables catches
> We might also consider jump as a possible disposition for a list:
> so that a logical ANDing of two lists could be implemented by the user.
> h) "shorewall refresh" would refresh the list contents. Each list would
> cause a chain with the same name to be created and JUMP rules would
> simply cause a jump to the corresponding chain.
> Are any of you interested in implementing such a thing? If so, let me know.
> Tom Eastep \ A Firewall for Linux 2.4.*
> AIM: tmeastep \ http://www.shorewall.net
> ICQ: #60745924 \ firstname.lastname@example.org