It seems that the "maclist" checking is done before any "noise" can be suppressed. Let me explain.
In my network, I disallow general IP forwarding on the firewall. All access is supposed to go through approved proxies which are allowed the IP forwarding they need to do. In line with such, I have MAC address checking enabled and whitelist the machines that should be allowed access. I also log maclist violations as a trouble-shooting measure.

What that means, however, is that some "badly behaving" applications will fill the logs with noise. Ekiga is one of these. Despite not even configuring with an account on their external server, it insists on wanting to try to contact the external server, which is in violation of the maclist for most machines. Yes, I have filed a bug with the Ekiga folks about it but they have prioritized it low and likely will never fix it. That doesn't mean it's still not annoying to have my logs filled with its broken and lame attempts.

It would be nice to have the possibility of telling Shorewall about maclist violations that should be ignored. Or is this really too "fringe" to do anything formal (i.e. informally, I can insert rules directly in started) in Shorewall about?

Cheers,
b.
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
