Hi Tom, the vlan tagged interfaces are now up and running with the 
maclist option!

As the maclist option does not make any sense for point-to-point 
connections, from the shorewall point of view is there any other 
measure/option ... that I could implement to further increase my 
openvpn server security? (Dual layer security is already set up on 
the openvpn server.)

Thank you for the provided answers/explanations!!!:)

matt

On 21 Oct 2013 at 7:11, Tom Eastep wrote:

Date sent:      Mon, 21 Oct 2013 07:11:18 -0700
From:   Tom Eastep <[email protected]>
To:     [email protected]
Subject:        Re: [Shorewall-users] vlan tagged interface
Send reply to:  Shorewall Users <[email protected]>
        

> On 10/20/2013 2:41 PM, matt darfeuille wrote:
> > Hi,
> > 
> > I am looking to implement vlan tagged interfaces on a debian 7 box.
> > Should they be treated as regular interfaces (eg:
> > /etc/shorewall/interfaces zones eth1.100 ...)?
> 
> Yes.
> 
> > 
> > Can the maclist option in /etc/shorewall/interfaces/hosts be used on
> > virtual interface?: mainly vlan interface and tun interface?
> 
> It can be used on a vlan interface, but tun interfaces are
> point-to-point so maclist isn't appropriate for those.
> 
> 
> > Regarding some feedback for shorewall 4.5.22/4.5.21.2:
> > In /etc/shorewall/interfaces it is mentioned "BROADCAST (Optional) -
> > {-|detect|address[,address]...} Only available if FORMAT 1." and it
> > is also  mentioned that format 1 is deprecated in favor of format 2.
> > Is there not a dichotomy between the preferred format(format 2) and
> > some pages/examples on the shorewall site which are still using the
> > deprecated format(format 1)!?
> 
> Yeah, I'm sure that isn't the only anachronism in the docs.
> 
> > So the question would be: is there a way to have an equivalent to
> > the broadcast column using format 2?
> 
> No -- the BROADCAST column contents aren't used at all any more;
> that's why format 2 was created. When I have some time, I'll make a
> sweep of the docs and remove most references to BROADCAST.
> 
> Thanks,
> -Tom
> -- 
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
> 
> 


