On Wed, May 23, 2012 at 12:28 PM, Simon Hobson <li...@thehobsons.co.uk> wrote:

> Lee Brown wrote:
>
> >I'm sorry Tom, but I don't understand how the leases assigned from
> >the DHCP server automatically add MAC's it has given an address out
> >to, nor remove MAC's for expired leases.
> >If I understand the example correctly, that is essentially accepting
> >traffic from a fixed list, maclist is a static filter, correct?
>
> Correct.
> What you are asking for isn't available natively in Shorewall - you
> would need some external glue to handle that.
>

Which is why I asked if there was a tool available...:)


>
> The ISC DHCP server has hooks so you can call external scripts for
> various events - though you'd need to add a buffering layer as
> interacting directly with Shorewall (especially if it involves a
> restart to load a modified config) may be too slow for anything but a
> very lightly loaded DHCP server.
>

Oh, I hadn't realized that, thank you.  Shorewall is only used to configure
iptables, I modify chains directly after that as my shorewall restart cycle
is rather slow (rules/zones need serious cleaning up.)
Once I identify the chain that implements the maclist, I can add/remove
rules from that to implement what I need.

Thanks Tom, Thanks Simon.  This gives me the direction I need.

Regards -- Lee
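
The approach discussed in this message (DHCP server event hooks feeding a buffer, with rules then added to or removed from the maclist chain directly), as an added example that is not part of the original thread and not Shorewall's own code. The chain name `dhcp_maclist`, the spool path and the function names are assumptions; the events would come from ISC dhcpd `on commit`, `on release` and `on expiry` blocks calling `execute()`.

```shell
#!/bin/sh
# Added example; the chain name, spool path and function names are assumptions.
# The DHCP hook only appends to a spool file; "drain" (cron or a loop) applies
# the net result to the chain, so dhcpd never waits on iptables.
SPOOL="${SPOOL:-/var/spool/dhcp-maclist/events}"   # assumed path
CHAIN="${CHAIN:-dhcp_maclist}"                      # assumed chain name
IPT="${IPT:-iptables}"

# Accept only a well-formed MAC so hook arguments never reach iptables unchecked.
valid_mac() {
    [ "${#1}" -eq 17 ] &&
        printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Hook entry point: queue_event commit|release|expiry <mac>
queue_event() {
    case "$1" in commit|release|expiry) ;; *) return 1 ;; esac
    valid_mac "$2" || return 1
    printf '%s %s\n' "$1" "$2" >> "$SPOOL"
}

# Reduce a batch to the last event per MAC: prints "add <mac>" or "del <mac>".
coalesce() {
    awk '{ mac = tolower($2); if (!(mac in last)) order[++n] = mac; last[mac] = $1 }
         END { for (i = 1; i <= n; i++) {
                   act = (last[order[i]] == "commit") ? "add" : "del"
                   print act, order[i] } }' "$1"
}

# Take the current spool as one batch and apply it to the chain.
drain() {
    [ -s "$SPOOL" ] || return 0
    batch="$SPOOL.$$"
    mv "$SPOOL" "$batch" || return 1   # later events land in a fresh spool file
    coalesce "$batch" | while read -r action mac; do
        if [ "$action" = add ]; then
            # -C tests for an existing rule, so a renewed lease adds nothing.
            "$IPT" -C "$CHAIN" -m mac --mac-source "$mac" -j ACCEPT 2>/dev/null ||
                "$IPT" -A "$CHAIN" -m mac --mac-source "$mac" -j ACCEPT
        else
            "$IPT" -D "$CHAIN" -m mac --mac-source "$mac" -j ACCEPT 2>/dev/null || true
        fi
    done
    rm -f "$batch"
}

case "${1:-}" in
    queue) queue_event "$2" "$3" ;;
    drain) drain ;;
esac
```

Rules added this way live only in the running ruleset, so a Shorewall restart rebuilds the chain without them and the current leases have to be replayed afterwards.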