-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 10/21/2016 03:36 AM, Vieri Di Paola wrote: > Hi, > > This rules line works: ACCEPT dmz:~48-E2-44-54-E7-27 > lan:10.215.246.0/23 all > > This other rule line fails: ACCEPT lan:10.215.144.42 > dmz:~48-E2-44-54-E7-27 all > > The error message is: Checking /etc/shorewall/rules... ERROR: > Unknown Host (~48-E2-44-54-E7-27) > > shorewall 5.0.6.2 > > The shorewall-rules man page suggests that MAC addresses can be > used in DEST: "Hosts may be specified by IP or MAC address; mac > addresses must begin with "~" and must use "-" as a separator." > However, further down I can read: "Restriction: MAC addresses are > not allowed (this is a Netfilter restriction)." > > So should I conclude that it's impossible to specify MAC addresses > in DEST? >
Yes -- the destination MAC isn't known until just before the packet is put on the wire. - -Tom - -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJYCji3AAoJEJbms/JCOk0Q1zEP/R/iXy5bVr0r/hNfO8XqJXSK UQy+38LOxR5ztd8s03xQajD8yGAxv6bdA6v638lw+9LQFfsGFTEoi7fVcfffnTRy SdPkiMg9GlPC+6b4mx3TArwubS8jjAR+xzhttW2WuA/+UugUR/pvEk7riposgwIj YTAAKwzhKB4YBAZCCOurHDBLg5g04Z0lddZPnXDSHie8QkTjQmcFnhAf0WpU3yHJ gU4jegwliG5alS4bkhZX0RucnH1rjhFp9rW+u+Xqex2zrvU5dyTrJRhF48tilZcU +x0bihRxF50jBNVQhdAmA/ip2zB+VFtZRl/CkgVssBpze9B5/mQ17K+6xQ2rMIcM 4CNY7bP4LFZ9O/SAAt160ONYPDTMlemtuLDhMh/d8aiMmHQMgTUa1WPjflzpTJoB 52Ila6DVJsPOXVA6y8IaLEezNoO5LrPHbvh0+VBdy+t+EFCSMFOGJmaM6v0mwUUp pXPzWomJ2IFgQMCE0WqwPmFXODBuZjdF8xbeYdj4iPYySvuxH+RWxe/T9L4k9Rqu B/npMOLNy9xvoiBPuXM8O2bBqvM4M4xjZNN8EpgOSfUU4CEPFf8CXVkAHxARrjYX dM29jD7v6VtKGjFH4+pkBjzIpLEGI0YumQz6YMIJhS3yo3QaDMQyIoFSn8mc7f0M bPhvO9/sPvHQn0CCXOfb =df1o -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
