On 1/12/11 6:53 AM, Brian J. Murrell wrote: > On Wed, 2011-01-12 at 06:40 -0800, Tom Eastep wrote: > > Given that you can use mac addresses in the rules file, what kind of > scenario does is the maclist feature better suited than rules? >
Now that we have actions and MAC matching in rules within them, I don't believe that there is any case where the maclist feature is better suited. It remains for compatibility with earlier releases and for those who find defining an action to be too steep a hill. You can clearly define an 'Accept' action that does filtering by MAC and then ACCEPTs the connection. You can even define a similar action that only does the mac filtering and use it as the default action for ACCEPT policies. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Protect Your Site and Customers from Malware Attacks Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing. http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
