On Thu, 2006-12-10 at 13:59 -0700, Tom Eastep wrote: > > > I wonder if that's "the right thing" to do though. I'd think letting > > people define what traffic they don't want to log using the existing > > macros even if they want, would not be better. > > I'll await your patch then that allows using macros and actions in the > Netfilter > mangle table. You keep ignoring the fact that MAC filtration can occur in that > table too.
Probably because that's not my particular itch. :-) I'm not trying to be difficult though, just trying to offer POV. Perhaps more functionality can be offered to those willing to do the MAC authentication in the filter table? I think there are other such tradeoffs in shorewall isn't there? > And remember that REJECT isn't even allowed in the mangle table so the > existing > Drop action (which rejects Auth) can't be directly used there even if > Shorewall > supported mangle actions. I've not really done much with the mangle table directly with iptables, so I can only plead ignorance and defer to you on that. b. -- My other computer is your Microsoft Windows server. Brian J. Murrell
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
