On 9/4/12 3:30 PM, Mr Dash Four wrote: > > The outstanding issues are how you decide to tackle the 'dhcp' option > in interfaces, specifying multiple UIDs separated with commas within > a rule, as well as including an option in shorewall-init to compile > the shorewall script prior to executing it. I think that's about it. > Have I missed anything? >
Regarding the 'dhcp' option, I wonder if it should be deprecated in favor of new 'dhcpclient' and 'dhcpserver' options; both of the new options would optionally accept an address list. Without knowing whether an interface gets its IP address via DHCP or whether a DHCP server on the router provides DHCP services to the network connected to an interface, unneeded rules must to be generated. I suppose that an alternative would be to assume that the router is a DHCP client when an IP list is specified to the existing 'dhcp' option. Opinions welcome. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
