On Dec 22, 2009, at 6:15 PM, Tom Eastep wrote:

> Hard to say without knowing the particulars.


The bridge approach so far is working, and has the "nice" side effect of hiding 
the firewall from traceroute. The one issue I did find is that the firewall is 
logging a lot of dropped packets that aren't destined for any of the hosts 
behind the firewall. For some reason traffic to a few hosts on the network is 
apparently being broadcast, instead of directed to one specific port on a 
switch. My solution was to add the following line to the end of 
/usr/share/shorewall/action.Drop

DROP    -       !$ALLHOSTS

Where $ALLHOSTS is defined in params to be a list of all of my hosts. Is there 
a better, more automatic way, that I can tell Shorewall to ignore any traffic 
not destined for a host on the protected side of the firewall?

Thanks,

-Matt


_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
