Tom Eastep wrote: > Steven Jan Springl wrote: >> On Thursday 07 June 2007 22:31, Steven Jan Springl wrote: >>> On Thursday 07 June 2007 21:16, Tom Eastep wrote: >>>> Steven Jan Springl wrote: >>>>> The 'optional' option works. >>>>> I will test the 'maclist' option and shorewall-shell and get back to >>>>> you. >>>> Thanks! >>>> -Tom >>> Tom >>> >>> The 'maclist' option works with a bridge that does not have an IP address. >>> >>> When the bridge does not have an IP address, shorewall-shell produces the >>> following message: >>> >>> ERROR: Interface br0 must be up before Shorewall can start. >>> >>> Steven. >>> >>> >> Tom >> >> An update to the above. >> >> When bridge br0 does not have an IP address and interfaces contains the >> following entry: >> >> lan br0 - bridge,optional,maclist >> >> Shorewall-perl works. Adding the option 'detectnets' produces the following >> error: >> >> ERROR: No hosts on br0 have the maclist option >> specified : /etc/shorewall/maclist ( line 11 ) >> >> This does not happen when br0 has an IP address. > > A rather odd-ball case. 'detectnets' is never going to work right on an > interface with no IP address. Nevertheless, I've hacked around it (untested) > in r6483. > > Note that there will be *no* MAC verification performed with this silly > combination of configuration and options.
Note that there is another configuration problem here. If the bridge is not going to have an IP address, then it makes no sense to have a zone (lan) in the ZONE column. In the absense of an IP address, no IP traffic can flow to/from the firewall or any of its interfaces to/from that bridge. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
