So here's my use case... I have a (shorewall) gateway but in general,
users are not allowed to use it.  They must use configured proxies and
internal servers which are themselves allowed to use the gateway.  The
simple solution to this scenario is to simply use the maclist and only
list the approved proxies.

This screws up OSPF though.  Even though the majority of hosts can't use
the gateway, in general, they do need to exchange OSPF packets with it
to complete their routing configuration.  The simple workaround was to:

# iptables -I br-lan_mac -p 89 -j RETURN

Indeed, I could stop using maclist and put specific rules into the rules
file to do the same thing, but the maclist is nice.  :-)

Thots?

b.
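An added example, not from the post and not part of Shorewall itself: a small POSIX shell script that applies the same OSPF bypass idempotently, checks that the RETURN rule sits first in the maclist chain (it has to precede the per-MAC checks and the final disposition), and removes any stray copies before re-inserting. The chain name br-lan_mac is the one from the post; the extension-script path /etc/shorewall/started is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent OSPF bypass for a
# Shorewall maclist chain. Shorewall rebuilds its chains on restart, so a
# rule inserted by hand is lost; calling apply_ospf_bypass from an extension
# script such as /etc/shorewall/started (assumed path) re-applies it.

MACLIST_CHAIN="${MACLIST_CHAIN:-br-lan_mac}"   # chain name from the post
OSPF_PROTO=89                                  # IP protocol number for OSPF

# Given the output of `iptables -S <chain>`, return 0 only if the OSPF
# RETURN rule is the first rule in the chain. Position matters: if it sits
# after the MAC checks, unlisted hosts' OSPF packets hit the disposition
# first and never reach it. iptables may print the protocol as a name or a
# number, so both spellings are accepted.
ospf_bypass_present() {
    listing="$1"
    first_rule=$(printf '%s\n' "$listing" | grep -v '^-N ' | head -n 1)
    case "$first_rule" in
        "-A $MACLIST_CHAIN -p 89 -j RETURN"|"-A $MACLIST_CHAIN -p ospf -j RETURN")
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# Inspect the live chain and insert the bypass at position 1 when missing.
apply_ospf_bypass() {
    listing=$(iptables -S "$MACLIST_CHAIN" 2>/dev/null) || {
        echo "chain $MACLIST_CHAIN not found; is Shorewall started?" >&2
        return 1
    }
    if ospf_bypass_present "$listing"; then
        echo "OSPF bypass already first in $MACLIST_CHAIN"
        return 0
    fi
    # Drop any misplaced or duplicate copies, then insert at the top.
    while iptables -D "$MACLIST_CHAIN" -p "$OSPF_PROTO" -j RETURN 2>/dev/null; do :; done
    iptables -I "$MACLIST_CHAIN" 1 -p "$OSPF_PROTO" -j RETURN
}
```

Running apply_ospf_bypass a second time reports the rule as already present rather than stacking another copy.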

Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
