> Something like this?
>
> http://www1.shorewall.net/manpages/shorewall-arprules.html
>
Indeed. I take it this isn't "mainstream" yet (judging by the first line
of that man page), as this is the first time I am seeing it. Assuming
that is so, I am also not sure that all ACTIONs included in that man
page are supported - at least for my distro (Fedora) - this would need
thorough checking. There was a specific command, the name of which
escapes me at the moment, which could be used to show the available
built-in arptables targets for a particular distro (like DROP, ACCEPT
etc). That is worth using to build a potential list of capabilities for
the various distros out there.

You also need to be aware that you have 2 source and 2 destination
pairs: SOURCE (as in IP address/mask), as well as HW SOURCE (as in MAC
address), DESTINATION, as well as HW DESTINATION (or, as it is referred to
in arptables, TARGET/HW TARGET). There are also other options, which can be
specified in the arptables statement as well (for *very* specific
fine-grained tuning), though I don't use these:

  --arhln -a [!] length[/mask]
      Hardware address length
  --arpop -p [!] operation[/mask]
      ARP operation
  --arhrd -h [!] hrd[/mask]
      ARP hardware address
  --arpro -w [!] plen[/mask]
      ARP protocol address format

Another possible pitfall you need to be aware of is the chain names -
Fedora, in their infinite wisdom, decided to "do a Micro$oft" and
changed the names of the core chains to be IN, OUT and FORWARD, instead of
keeping with all other distros out there (Debian, Ubuntu etc), so if you
plan to introduce this feature in shorewall, you need to be aware of
those differences.

On a separate note, something of a heads-up for you Tom: I've just found
quite a few "nasties" in shorewall (tested on shorewall .10+, though I
am not finished yet), some of them not very pleasant to say the least,
but will have more time to finish my testing to be sure - will be in a
position to post them no earlier than this weekend (too busy at the moment).
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
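
Added example, not part of the original message and not Shorewall code: a rule generator can resolve the chain-name difference described above by reading the local chain listing before it emits any ARP rules. The function names, the sample listings (constructed) and the assumed listing format `Chain NAME (policy POLICY)` for built-in chains are assumptions of this sketch.

```shell
#!/bin/sh
# Map canonical chain names (INPUT/OUTPUT/FORWARD) to the names used by the
# local arptables build. Input on stdin: text of a chain listing.
# Assumption: built-in chains are listed as "Chain NAME (policy POLICY)",
# and user-defined chains carry no policy field.

builtin_chains() {
    awk '$1 == "Chain" && $3 == "(policy" { print $2 }'
}

# Usage: map_chain CANONICAL < listing
# Prints the local chain name; returns 1 if none exists, 2 on a bad argument.
map_chain() {
    want=$1
    chains=$(builtin_chains)
    case $want in
        INPUT)   candidates="INPUT IN" ;;     # IN: Fedora naming per the message
        OUTPUT)  candidates="OUTPUT OUT" ;;   # OUT: Fedora naming per the message
        FORWARD) candidates="FORWARD" ;;
        *) echo "unknown canonical chain: $want" >&2; return 2 ;;
    esac
    for c in $candidates; do
        for have in $chains; do
            if [ "$c" = "$have" ]; then
                echo "$have"
                return 0
            fi
        done
    done
    # Fail closed: better to refuse than to write rules to a missing chain.
    echo "no built-in chain for $want in this listing" >&2
    return 1
}

# Constructed sample listings (not captured from a real system).
SAMPLE_FEDORA='Chain IN (policy ACCEPT)

Chain OUT (policy ACCEPT)

Chain FORWARD (policy ACCEPT)'

SAMPLE_CLASSIC='Chain INPUT (policy DROP)

Chain OUTPUT (policy ACCEPT)

Chain IN (1 references)'

printf '%s\n' "$SAMPLE_FEDORA"  | map_chain INPUT
printf '%s\n' "$SAMPLE_CLASSIC" | map_chain INPUT
```

On a live system the listing would come from the installed arptables binary instead of the embedded samples.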