Brian J. Murrell wrote: > On Thu, 2006-12-10 at 07:41 -0700, Tom Eastep wrote: >> The 'Drop' chain is generated by the Drop action which gets called because >> it is >> the default action for DROP policies >> (http://www.shorewall.net/Actions.html#id2500209). > > Indeed. > >> In other words, it gets >> called just before a DROP policy is enforced. > > Right. > >> So waiting until then to do MAC >> filtration wouldn't work because traffic from banned MAC addresses might have >> already been allowed by ACCEPT, DNAT, or REDIRECT rules. > > Agreed. > > INPUT->eth0_in->eth0_mac > >> I'll consider this an enhancement request to allow log filtration of messages >> generated by maclist and try to get something into 3.3. > > How about jumping to the Drop table right before the > > LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix > `Shorewall:eth0_mac:REJECT:'
A) There is no guarantee that there will even be a Drop chain. B) There is NEVER a Drop chain in the mangle table. So until I release a solution, you will have to use the start file. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
