In looking at the resulting iptables rules (-L -nv) generated by shorewall 3.2.3 I am noticing that the eth0_mac chain (for an eth0 interface with the maclist option) is traversed before the Drop chain, resulting in logging what would normally be dropped (unlogged) traffic from non-maclisted clients, i.e. broadcast noise like SMB.
It seems to me that the Drop (i.e. SMB noise) should happen before the maclist test, as the permission of that mac is quite irrelevant to the fact that we want noise suppressed from the logs. I do want normal traffic from non-maclisted clients logged, however, as I can then determine when people are dropping new hosts on the network. Thoughts?

b.

--
My other computer is your Microsoft Windows server.
Brian J. Murrell
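As an added illustration (not Shorewall code and not from the original post), a small Python model of the two chain orderings described above: the Drop action silently discards SMB broadcast chatter, the eth0_mac chain logs and drops unknown MACs, and the log output is compared for maclist-first versus Drop-first traversal. The maclist disposition, log line format, MACs, addresses and port set are assumptions.

```python
# Added model (not Shorewall code): simulate netfilter chain traversal order for
# packets arriving on eth0, so that evaluating the maclist chain before or after
# the Drop action can be compared. MACs, addresses and log format are constructed.

KNOWN_MACS = {"00:11:22:33:44:55"}     # assumed maclist entries for eth0
SMB_PORTS = {137, 138, 139, 445}         # ports the Drop action is modelled to discard silently

def is_smb_noise(pkt):
    """Broadcast SMB/NetBIOS chatter that the Drop action silently discards (modelled)."""
    return pkt["proto"] == "udp" and pkt["dport"] in SMB_PORTS and pkt["dst"].endswith(".255")

def drop_chain(pkt, log):
    """Model of Shorewall's Drop action: DROP SMB noise without logging, else return to caller."""
    return "DROP" if is_smb_noise(pkt) else None

def eth0_mac_chain(pkt, log):
    """Model of the eth0_mac chain: known MACs return to the caller; unknown MACs are
    logged and dropped (assumes MACLIST_DISPOSITION=DROP with a log level configured)."""
    if pkt["mac"] in KNOWN_MACS:
        return None
    log.append(f"maclist: {pkt['mac']} {pkt['src']}->{pkt['dst']}:{pkt['dport']}")
    return "DROP"

def traverse(chains, packets):
    """Run each packet through the chains in order; the first verdict wins, else ACCEPT.
    Returns (verdicts, log lines). Chains after a verdict are never evaluated."""
    log, verdicts = [], []
    for pkt in packets:
        verdict = next((v for v in (c(pkt, log) for c in chains) if v), "ACCEPT")
        verdicts.append(verdict)
    return verdicts, log

# Constructed sample traffic: an unknown host's SMB broadcast, the same host's SSH
# attempt, a known host's SMB broadcast, and a known host's HTTP request.
PACKETS = [
    {"mac": "de:ad:be:ef:00:01", "src": "192.168.1.50", "dst": "192.168.1.255", "proto": "udp", "dport": 137},
    {"mac": "de:ad:be:ef:00:01", "src": "192.168.1.50", "dst": "192.168.1.1", "proto": "tcp", "dport": 22},
    {"mac": "00:11:22:33:44:55", "src": "192.168.1.10", "dst": "192.168.1.255", "proto": "udp", "dport": 138},
    {"mac": "00:11:22:33:44:55", "src": "192.168.1.10", "dst": "192.168.1.1", "proto": "tcp", "dport": 80},
]

def compare_orders():
    """Log lines produced with maclist first (observed) versus Drop first (proposed)."""
    _, observed_log = traverse([eth0_mac_chain, drop_chain], PACKETS)
    _, proposed_log = traverse([drop_chain, eth0_mac_chain], PACKETS)
    return observed_log, proposed_log

if __name__ == "__main__":
    observed, proposed = compare_orders()
    print("maclist before Drop:", *observed, sep="\n  ")   # SMB broadcast is logged
    print("Drop before maclist:", *proposed, sep="\n  ")   # only the SSH attempt is logged
```

With Drop first, the unknown host's SMB broadcast disappears from the log while its SSH attempt is still recorded, which is the behaviour the post asks for.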
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
