On 10/26/10 8:41 AM, Norbert Penel wrote: > Really thanks gentlemen > You re right, i try to open a wan port > i have investigate mac filtering and i succeed to get that in my > shorewall dump : > 0 0 ACCEPT tcp -- * * 0.0.0.0/0 > 0.0.0.0/0 MAC 00:XX:XX:XX:XX:XX tcp dpt:22 > unfortunetly it doesn t work ... snif > > Anyway, i'll have a look on ipsets that seems to fit my need > > Do you know which shorewall service call will update the IP if this one > have change, reload or restart ? > > Am i the first to ask for dyndns ? on my mind, it should be implemented > in core ...
Shorewall configures Netfilter which is a stateful *packet filter*. Packet filters are based on the contents of packet protocol headers and connection state. DNS names are not included in those headers. If you want to support clients on dynamic IP addresses, then the best way is to establish a VPN where you authenticate the remote client then filter the tunneled packets using the protocol headers (i.e., with Shorewall). -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
