On Sun, 2008-07-13 at 21:20 -0700, Tom Eastep wrote: > > Use the rules file
Yeah. The more I thought about it, the more I wondered what the use-case for the maclist file was given that the rules file could handle it -- or so it seemed at first glance. > you might find it more convenient to define an action > that accepts traffic from the approved MACs and then apply that action to > the protocols that the hosts are allowed to use. Hrm. Well, generally, it's an all-or-none. Some hosts are allowed all outbound (i.e. forward) traffic they care to send, others are allowed none (but should be allowed to do OSPF *to* the firewall). But yeah, rules file seems like a better option. b.
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
