Simon Hobson wrote: > > I've got stuff almost sorted now, but obviously vlan-vlan security is > important - will be different tenants. It appears that I can't > combine wildcards with route filtering and arp filtering, so if I put > : > > cust vlan+ detect > tcpflags,nosmurfs,routeback,dhcp,routefilter,arp_filter,arp_ignore=2 > > in my interfaces file, I get : > WARNING: Cannot set ARP filtering on vlan+ > WARNING: Cannot set ARP filtering on vlan+ > WARNING: Cannot set route filtering on vlan+ > > in shorewalls output. > > Other than listing each vlan separately (there's 32 of them on this > box), is it possible to set these options ?
Sure -- set them yourself in a simple shell script (or if you are using a Debian-based distribution, set the options in a 'post-up' record in your interfaces file. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
