I have a housing complex with Internet access, and I need to assign certain hosts to a certain zone. I don''t necessarily want to use IP addresses in the HOSTS file because they are all DHCP. Is it possible to assign a host via MAC Address in the /etc/shorewall/hosts file? Ex: virus eth1:~00-00-00-00-00-00 instead of virus eth1:192.168.1.56 I need to temporarily block computers that I have found viruses on but still allow them access to my web server. The viruses hit my dansguardian so fast with requests it just boggs down so I need to block them from hitting my redirect rule for port 80 to 8080 Maybe I''m going the wrong way about this. Any suggestions? Thanks, Eli Searle City of Twin Falls IT Dept. 208-735-7280
Eli Searle wrote:> I have a housing complex with Internet access, and I need to assign > certain hosts to a certain zone. > I don''t necessarily want to use IP addresses in the HOSTS file because > they are all DHCP. > > Is it possible to assign a host via MAC Address in the > /etc/shorewall/hosts file? >No. Membership in a zone must apply when the host is either the source or the destination of a connection request but MAC addresses only apply to the source.> > I need to temporarily block computers that I have found viruses on but > still allow them access to my web server.Do you run your web server on port 80?> > The viruses hit my dansguardian so fast with requests it just boggs > down so I need to block them from hitting my redirect rule for port 80 > to 8080 > > Maybe I''m going the wrong way about this. Any suggestions?If you can run your web server on a port other than 80 then you can simply blacklist the offenders (by MAC) for tcp port 80. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net