Steven Jan Springl wrote: > On Thursday 07 June 2007 22:31, Steven Jan Springl wrote: >> On Thursday 07 June 2007 21:16, Tom Eastep wrote: >>> Steven Jan Springl wrote: >>>> The 'optional' option works. >>>> I will test the 'maclist' option and shorewall-shell and get back to >>>> you. >>> Thanks! >>> -Tom >> Tom >> >> The 'maclist' option works with a bridge that does not have an IP address. >> >> When the bridge does not have an IP address, shorewall-shell produces the >> following message: >> >> ERROR: Interface br0 must be up before Shorewall can start. >> >> Steven. >> >> > Tom > > An update to the above. > > When bridge br0 does not have an IP address and interfaces contains the > following entry: > > lan br0 - bridge,optional,maclist > > Shorewall-perl works. Adding the option 'detectnets' produces the following > error: > > ERROR: No hosts on br0 have the maclist option > specified : /etc/shorewall/maclist ( line 11 ) > > This does not happen when br0 has an IP address.
A rather odd-ball case. 'detectnets' is never going to work right on an interface with no IP address. Nevertheless, I've hacked around it (untested) in r6483. Note that there will be *no* MAC verification performed with this silly combination of configuration and options. Thanks. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
