On Sun, 8 Feb 2004, Brainstorm wrote:
> Hi! First of all, I''m not subscribed to the mailing list. I own an
atheros wifi card (works with madwifi driver (madwifi.sf.net)). The iface name
is athX, so when using MAC verification, the script fails.
>
> >From /usr/share/shorewall/firewall:
>
> -----------------------------------------------
> for interface in $maclist_interfaces; do
> case $interface in
> eth*|wlan*|br[0-9])
> ;;
> *)
> fatal_error "MAC verification is only supported on
ethernet and 802.11b devices: $interface"
> ;;
> esac
>
> createchain `mac_chain $interface` no
> done
> -----------------------------------------------
>
> Why not: eth*|wlan*|br[0-9]|ath[0-9]) ?
I could equally ask why driver writers feel the need to invent new
interface naming conventions. Feel free to update your firewall script
like that and I''ll do the same.
Or simply eliminate the whole for ? How many interfaces do you know that
doesn''t support MAC verification ?
gre, ipip, ipsec, tun, ppp to name a few... Basically any interface that
isn''t based on ethernet.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net