Brian J. Murrell wrote: > On Thu, 2006-12-10 at 13:59 -0700, Tom Eastep wrote: >> >>> I wonder if that's "the right thing" to do though. I'd think letting >>> people define what traffic they don't want to log using the existing >>> macros even if they want, would not be better. >> I'll await your patch then that allows using macros and actions in the >> Netfilter >> mangle table. You keep ignoring the fact that MAC filtration can occur in >> that >> table too. > > Probably because that's not my particular itch. :-) I'm not trying to > be difficult though, just trying to offer POV. Perhaps more > functionality can be offered to those willing to do the MAC > authentication in the filter table?
It's not a question of willingness -- where the output interface is a bridge, maclist filtering in the filter table just *doesn't work*. > I think there are other such tradeoffs in shorewall isn't there? I really try not to punish people for decisions where they have no choice (as in this case). I've added a MACLIST_LOG_BROADCASTS option to shorewall.conf in the 3.3 thread. If I come up with something more elegant, I'll let you know. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
