On 01/02/2013 10:37 AM, Tom Eastep wrote: > > > > -------- Original Message -------- > Subject: Re: [Shorewall-users] Protecting hosts from each other > Date: Wed, 02 Jan 2013 09:36:42 -0800 > From: Tom Eastep <[email protected]> > Reply-To: Shorewall Users <[email protected]> > To: [email protected] > > On 01/02/2013 07:02 AM, Mr Dash Four wrote: >> >>> Shorewall can't help you in the case of a bridge -- neither can >>> routefilter. You would have to use arptables to prevent a misconfigured >>> host from hijacking your network. >>> >> Which is exactly why I use arptables to "manually" craft my INPUT, >> OUTPUT and FORWARD arptables chains (in shorewall's "started") - these >> chain definitions are very similar to their corresponding counterparts >> in iptables, and there is even arptables-restore, using the same format >> as iptables-restore, to restore arptables chains. >> >> There is a proposal I've made a while ago for such functionality to be >> included as part of shorewall (a bit like "rules" for arptables, if you >> like) as I think it would be beneficial to everyone. > > Something like this? > > http://www1.shorewall.net/manpages/shorewall-arprules.html > > Comments welcome,
One additional note: I would require that either SOURCE or DEST be specified. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery and much more. Keep your Java skills current with LearnJavaNow - 200+ hours of step-by-step video tutorials by Java experts. SALE $49.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122612
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
