Hello,

I want to ask how to make an IP - MAC pair rule in shorewall. I'm working on accounting and I want to decline quota stealing by entering static ip address instead of DHCP. Maclist is not useful, because I need to redirect users which are not in Maclist.

I tried this:

    DROP loc:~00-11-22-33-44-55:153.122.100.100 net

but it was not working.

Thank you for answer
RadOOne
-------------------------------------------------------------------------
On Mon, Feb 19, 2007 at 07:57:44PM +0100, Radovan Stas wrote:
> I want to ask how to make IP - MAC pair rule in shorewall. I'm working on
> accounting and I want to decline quota stealing by entering static ip
> address instead of DHCP. Maclist is not useful, because I need redirect
> users which are not in Maclist.

It's not apparent what you're trying to do, but whatever it is, this is not a sane way to do it and is unlikely to accomplish anything.

Perhaps you are under the impression that MAC addresses are fixed? They aren't.

    ifconfig eth0 hw ether 0a:bb:cc:dd:ee:ff

sets your MAC address. Physical layer accounting must be based on the interface, not the MAC address.
-------------------------------------------------------------------------
Radovan Stas wrote:
>
> I tried this:
>
> DROP loc:~00-11-22-33-44-55:153.122.100.100 net
>
> but was not working.
>

There's no way to do that with a single Shorewall rule. You need to use an Action.

/etc/shorewall/actions:

    Silly

/etc/shorewall/action.Silly

    DROP ~00-11-22-33-44-55 -

/etc/shorewall/rules:

    Silly loc:153.122.100.100 net

But as Andrew says, this all strikes me as a lot of work for little gain.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
-------------------------------------------------------------------------
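Added example (not part of the original thread and not Shorewall code): a check that compares the firewall's neighbour table against the expected IP/MAC pairs, with the pairs written in the `~xx-xx-xx-xx-xx-xx` notation used in the rules above. The bindings, the sample `ip neigh show` output and all function names are constructed for illustration; as the thread notes, a MAC address can be changed, so this only flags clients that set a static IP without also changing their MAC.

```python
import re

# Expected IP -> MAC bindings, MACs in Shorewall's ~xx-xx-xx-xx-xx-xx notation.
# Constructed sample values (the first pair is the one used in the thread).
BINDINGS = {
    "153.122.100.100": "~00-11-22-33-44-55",
    "153.122.100.101": "~00-11-22-33-44-66",
}

# Constructed sample of `ip neigh show` output.
SAMPLE_NEIGH = """\
153.122.100.100 dev eth1 lladdr 00:11:22:33:44:55 REACHABLE
153.122.100.101 dev eth1 lladdr 0a:bb:cc:dd:ee:ff STALE
153.122.100.102 dev eth1 lladdr 00:11:22:33:44:55 REACHABLE
153.122.100.103 dev eth1  FAILED
"""

NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9A-Fa-f:]{17})\b")

def shorewall_to_mac(s):
    """'~00-11-22-33-44-55' -> '00:11:22:33:44:55' (lower case)."""
    return s.lstrip("~").replace("-", ":").lower()

def parse_neigh(text):
    """Yield (ip, dev, mac) for entries that carry a link-layer address."""
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3).lower()

def audit(neigh_text, bindings):
    """Return a sorted list of (ip, mac, reason) findings."""
    expected = {ip: shorewall_to_mac(mac) for ip, mac in bindings.items()}
    owner = {mac: ip for ip, mac in expected.items()}
    findings = []
    for ip, _dev, mac in parse_neigh(neigh_text):
        if ip in expected and expected[ip] != mac:
            findings.append((ip, mac, "bound IP seen with unexpected MAC"))
        elif ip not in expected and mac in owner:
            findings.append((ip, mac, "known MAC using unbound IP"))
        elif ip not in expected:
            findings.append((ip, mac, "IP has no binding"))
    return sorted(findings)

if __name__ == "__main__":
    for ip, mac, reason in audit(SAMPLE_NEIGH, BINDINGS):
        print(f"{ip} {mac}: {reason}")
```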
Hi,

I have incoming requests coming from a remote LAN with 192.168.0.0/24 on eth2 (wan to fw), and I would like the answer to go back the same way (by eth2), because I also have a static route defined: 192.168.0.0/24 by eth5 (only for outgoing requests: fw to wan).

eth2 and eth5 are in the wan zone.

Thanks
VUILLET Damien
-------------------------------------------------------------------------
lpa du morvan wrote:
> I have entering requests coming from a remote lan with 192.168.0.0/24 on
> eth2 (wan to fw)
> and I would like that the answer is done by this same way (by eth2)
> because I have too a static route defined : 192.168.0.0/24 by eth5 (only for
> outgoing requests : fw to wan)
>
> eth2 and eth5 are wan zone

Please see http://www.shorewall.net/MultiISP.html

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
-------------------------------------------------------------------------