Brian J. Murrell wrote:
> In looking at the resulting iptables rules (-L -nv) generated by
> shorewall 3.2.3 I am noticing that the eth0_mac (for an eth0 interface
> with the maclist option) chain is traversed before the Drop chain,
> resulting in logging what would normally be dropped (unlogged) traffic
> from non-maclisted clients, i.e. broadcast noise, like SMB.
>
> It seems to me that the Drop (i.e. SMB noise) should happen before the
> maclist test as the permission of that mac is quite irrelevant to the
> fact that we want noise suppressed from the logs.
>
> I do want normal traffic from non-maclisted clients logged however, as I
> can then determine when people are dropping new hosts on the network.
The 'Drop' chain is generated by the Drop action, which gets called because it is the default action for DROP policies (http://www.shorewall.net/Actions.html#id2500209). In other words, it gets called just before a DROP policy is enforced. So waiting until then to do MAC filtration wouldn't work, because traffic from banned MAC addresses might have already been allowed by ACCEPT, DNAT, or REDIRECT rules.

Also, when MACLIST_TABLE=mangle in shorewall.conf, MAC filtration takes place in the Netfilter mangle table, and rules in that table currently cannot invoke Drop (or any other action).

I'll consider this an enhancement request to allow log filtration of messages generated by maclist and try to get something into 3.3.

-Tom
-- 
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA     \ [EMAIL PROTECTED]
PGP Public Key     \ https://lists.shorewall.net/teastep.pgp.key
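To make the ordering argument in Tom's reply concrete, here is an added example that is not part of the thread and is not Shorewall's own code or generated ruleset. It is a toy model of Netfilter chain traversal (first terminating match wins, LOG is non-terminating, RETURN or end of chain falls back to the caller) with two rule orderings: the one Brian observed (eth0_mac jumped to before the ACCEPT rules, Drop action just before the DROP policy) and the one he asked for (MAC check deferred until just before the policy). The chain name net2fw, the HTTP ACCEPT rule, the allowed MAC, and the SMB ports silently discarded by the modelled Drop action are assumptions for illustration; the real Drop action does considerably more.

```python
# Added example: toy Netfilter chain walker used to compare two Shorewall-like
# rule orderings. Chain contents, ports and MACs are assumptions, not the
# rules Shorewall actually generates.
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Packet:
    src_mac: str
    proto: str
    dport: int


@dataclass
class Rule:
    match: Callable[[Packet], bool]
    target: str           # ACCEPT / DROP / RETURN / LOG, or a user chain to jump to
    log_prefix: str = ""  # used only by LOG rules


TERMINATING = {"ACCEPT", "DROP"}


def walk(chains: Dict[str, List[Rule]], chain: str, pkt: Packet, log: List[str]) -> Optional[str]:
    """Evaluate one chain like iptables: first terminating match wins; LOG does not
    terminate; RETURN or falling off the end hands control back to the caller."""
    for rule in chains[chain]:
        if not rule.match(pkt):
            continue
        if rule.target == "LOG":
            log.append(f"{rule.log_prefix} mac={pkt.src_mac} {pkt.proto}/{pkt.dport}")
            continue
        if rule.target in TERMINATING:
            return rule.target
        if rule.target == "RETURN":
            return None
        verdict = walk(chains, rule.target, pkt, log)  # jump into a user chain
        if verdict is not None:
            return verdict
    return None


def filter_packet(chains: Dict[str, List[Rule]], pkt: Packet, policy: str = "DROP") -> Tuple[str, List[str]]:
    """Run a packet through the (assumed) net2fw chain; the policy applies if nothing terminated."""
    log: List[str] = []
    verdict = walk(chains, "net2fw", pkt, log)
    return (verdict or policy), log


ALLOWED_MACS = {"00:11:22:33:44:55"}   # assumed maclist contents
SMB_PORTS = {137, 138, 139, 445}       # assumed "noise" the Drop action discards silently


def any_pkt(p: Packet) -> bool: return True
def smb(p: Packet) -> bool: return p.dport in SMB_PORTS
def http(p: Packet) -> bool: return p.proto == "tcp" and p.dport == 80
def listed_mac(p: Packet) -> bool: return p.src_mac in ALLOWED_MACS


# Chain built from the maclist: listed MACs return, everything else is logged and dropped.
ETH0_MAC = [Rule(listed_mac, "RETURN"),
            Rule(any_pkt, "LOG", "Shorewall:eth0_mac:DROP:"),
            Rule(any_pkt, "DROP")]

# Drop action: silently discard SMB noise, then return so the policy's LOG/DROP can fire.
DROP_ACTION = [Rule(smb, "DROP"), Rule(any_pkt, "RETURN")]


def chains_maclist_first() -> Dict[str, List[Rule]]:
    """Order Brian observed: MAC check before the rules, Drop action just before the policy."""
    return {"eth0_mac": ETH0_MAC, "Drop": DROP_ACTION,
            "net2fw": [Rule(any_pkt, "eth0_mac"),
                       Rule(http, "ACCEPT"),
                       Rule(any_pkt, "Drop"),
                       Rule(any_pkt, "LOG", "Shorewall:net2fw:DROP:")]}


def chains_maclist_last() -> Dict[str, List[Rule]]:
    """Order Brian asked for: MAC check deferred until after the rules and the Drop action."""
    return {"eth0_mac": ETH0_MAC, "Drop": DROP_ACTION,
            "net2fw": [Rule(http, "ACCEPT"),
                       Rule(any_pkt, "Drop"),
                       Rule(any_pkt, "eth0_mac"),
                       Rule(any_pkt, "LOG", "Shorewall:net2fw:DROP:")]}


if __name__ == "__main__":
    unknown = "de:ad:be:ef:00:01"  # a MAC not in the maclist
    for name, build in (("maclist first", chains_maclist_first), ("maclist last", chains_maclist_last)):
        for pkt in (Packet(unknown, "udp", 137), Packet(unknown, "tcp", 80), Packet(unknown, "tcp", 22)):
            verdict, log = filter_packet(build(), pkt)
            print(f"{name:13} {pkt.proto}/{pkt.dport:<4} -> {verdict:6} logged={len(log)}")
```

With the maclist chain first, SMB noise from an unlisted MAC is logged by eth0_mac before the Drop action can silence it (Brian's complaint), but an unlisted MAC can never reach the ACCEPT rule. With the MAC check moved after the rules, the SMB noise is dropped silently and plain unknown-host traffic is still logged, but an unlisted MAC sending to tcp/80 is ACCEPTed before the MAC check ever runs, which is exactly the problem Tom describes.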
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
