On 10/26/2010 06:41 PM, Norbert Penel wrote:
The nice thing about ipsets and ( iptables -> shorewall ) is that after updating your ipsets you DON'T have to reload your Firewall rules. As a matter of fact I guess you can change the whole logic of your FW rules with ipsets. I come think of it as an Object Oriented Approach. You assign attributes to your sets in shorewall and clients - client/sets into your ipsets.Really thanks gentlemen You re right, i try to open a wan porti have investigate mac filtering and i succeed to get that in my shorewall dump : 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 MAC 00:XX:XX:XX:XX:XX tcp dpt:22unfortunetly it doesn t work ... snifAnyway, i'll have a look on ipsets that seems to fit my needDo you know which shorewall service call will update the IP if this one have change, reload or restart ?
Is this Perfect ??? Or Is it Perfect ?? Cheers. Harry
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
