> Shorewall can't help you in the case of a bridge -- neither can
> routefilter. You would have to use arptables to prevent a misconfigured
> host from hijacking your network.

Which is exactly why I use arptables to "manually" craft my INPUT, OUTPUT and FORWARD arptables chains (in shorewall's "started") - these chain definitions are very similar to their corresponding counterparts in iptables, and there is even arptables-restore, using the same format as iptables-restore, to restore arptables chains.

There is a proposal I've made a while ago for such functionality to be included as part of shorewall (a bit like "rules" for arptables, if you like) as I think it would be beneficial to everyone.
