Tom Eastep wrote:
> Anyone have something on their wish list that we might want to add to 4.4?

I'd like to suggest the possibility to limit the meaning of an interface in the interfaces file, so you could limit an interface to a certain network only.

And another thing: when an interface is configured to some address this way, this same source address would be disabled on other interfaces by default, so that ingress and egress filtering would be done properly by netfilter.

I know this kind of configuration is not optimal for a one-machine-only firewall configuration, but it's very good for real firewall setups.

The other way to get this is to change the documentation for the two-interface and three-interface guides to prefer hosts over interfaces. But I'd really like to see this done in a more secure way, one way or another.

--
Tuomo Soini <[email protected]>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
