Linux Advocate wrote:
> Shorewall, v 3.2
>
> eth0 -> adsl router
> eth1 -> lan
> eth2 -> mz (for lack of a better name)
>
> my zone file
> ..............
>
> #####################
> #ZONE   TYPE
> fw      firewall
> net     ipv4
> loc     ipv4
> mz      ipv4
>
> #Note : 1 server only in mz
> #Note : 50 machines in loc
>
>
> Could anybody
> tell me how I could use the MAC addresses of machines
> (about 20 of them) to control access from
> loc zone -> mz zone or vice versa. Just FYI, the
> server in the mz zone is running an accounting
> package, FoxPro based.

I would start by reading:

http://www.shorewall.net/3.0/configuration_file_basics.htm#MAC
http://www.shorewall.net/3.0/configuration_file_basics.htm#Variables
http://www1.shorewall.net/3.0/configuration_file_basics.htm#Continuation
http://www.shorewall.net/3.0/Actions.html

Then I would configure files as shown below.

/etc/shorewall/policy:

    loc     mz      REJECT  info

/etc/shorewall/params:

    #
    # List the 20 macs here in Shorewall format
    #
    MACS=~00-01-02-03-04-05,\
    ~01-02-03-04-05-06,\
    ...
    ~AA-BB-CC-DD-EE-FF

/etc/shorewall/actions:

    #
    # Declare action 'AcceptMacs'
    #
    AcceptMacs

/etc/shorewall/action.AcceptMacs:

    #
    # Define the Action (Accept from any of the listed MAC addresses)
    #
    ACCEPT  $MACS

/etc/shorewall/rules:

    #
    # Send all loc->mz traffic through the AcceptMacs action.
    #
    AcceptMacs      loc     mz
    ...

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
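An added example (not part of the original reply, and not Shorewall's own tooling): a small POSIX shell helper that turns a list of MAC addresses into the `~XX-XX-XX-XX-XX-XX` form used for the MACS variable in /etc/shorewall/params, and refuses any entry that is not exactly six hex octets. The function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: build the MACS= assignment for /etc/shorewall/params.

# to_shorewall_mac MAC
# Prints MAC as ~XX-XX-XX-XX-XX-XX; returns 1 unless it is six hex octets.
to_shorewall_mac() {
    mac=$(printf '%s' "$1" | tr 'a-f:' 'A-F-')
    printf '%s\n' "$mac" | grep -Eq '^[0-9A-F]{2}(-[0-9A-F]{2}){5}$' || return 1
    printf '~%s\n' "$mac"
}

# build_macs_param
# Reads one MAC per line on stdin (colon or dash separated; blank lines and
# '#' comments ignored) and prints a MACS= assignment using backslash
# continuation. Prints nothing on stdout and returns 1 if any entry is bad.
build_macs_param() {
    out=""
    bad=0
    while IFS= read -r line; do
        # Drop trailing comments and all whitespace.
        line=$(printf '%s' "$line" | sed 's/#.*//; s/[[:space:]]//g')
        [ -n "$line" ] || continue
        if m=$(to_shorewall_mac "$line"); then
            if [ -z "$out" ]; then
                out=$m
            else
                # Comma, backslash, newline: continues the shell assignment.
                out="$out,\\
$m"
            fi
        else
            echo "invalid MAC, skipped: $line" >&2
            bad=1
        fi
    done
    [ "$bad" -eq 0 ] || return 1
    printf 'MACS=%s\n' "$out"
}

# Constructed sample input (not addresses from the original thread).
build_macs_param <<'EOF'
00:1a:2b:3c:4d:5e   # hypothetical accounting workstation
02-00-00-00-00-01
EOF
```

The printed assignment can be pasted into /etc/shorewall/params. MAC matching only works for hosts on the directly attached segment, and a host's administrator can change its MAC address, so the list filters by convenience rather than authenticating anyone.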
