Hi,
the documentation states that you can only use maclist on ethernet interfaces, and in fact shorewall fails when I try and use that feature on a 802.11b interface. However, I can use MAC addresses matching just fine in the 'rules' file on my wireless interface. Why this difference?

Thanks,
riccardo

rv wrote:
> Hi,
> the documentation states that you can only use maclist on ethernet
> interfaces, and in fact shorewall fails when I try and use that feature
> on a 802.11b interface. However, I can use MAC addresses matching just
> fine in the 'rules' file on my wireless interface. Why this difference?

Because ethernet is the only thing that I have to test with. If you can tell me how to detect an 802.11b interface using standard utilities, I can add support for them.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

Tom Eastep wrote:
>
> Because ethernet is the only thing that I have to test with. If you can
> tell me how to detect an 802.11b interface using standard utilities, I
> can add support for them.
>

Or:

    ip link show > /tmp/links

and send me the /tmp/links file. Do NOT cut and paste the output of 'ip'.

-Tom

The wireless interface looks pretty much like a standard ethernet. I guess the problem here is the driver I'm using (hostap), which names it wlan0 instead of eth0; some other drivers use the ethX naming scheme.

Attached is the output of ip link show.

Thanks,
riccardo

-------------- next part --------------
A non-text attachment was scrubbed...
Name: links
Type: application/octet-stream
Size: 907 bytes
Desc: not available
Url : http://lists.shorewall.net/pipermail/shorewall-users/attachments/20030218/128b522e/links.obj
-------------- next part --------------

On Tuesday, Feb 18, 2003, at 23:03 Europe/London, Tom Eastep wrote:
> Tom Eastep wrote:
>
>> Because ethernet is the only thing that I have to test with. If you
>> can tell me how to detect an 802.11b interface using standard
>> utilities, I can add support for them.

rv wrote:
> The wireless interface looks pretty much like a standard ethernet. I
> guess the problem here is the driver I'm using (hostap), which names it
> wlan0 instead of eth0; some other drivers use the ethX naming scheme.
>
> Attached is the output of ip link show.
>

In /usr/lib/shorewall/firewall, locate the function 'setup_mac_lists'. In that function you will see a case statement:

    for interface in $maclist_interfaces; do
        case $interface in
            eth*)
                ;;
            *)
                fatal_error "Error: MAC verification is only supported on ethernet devices: $interface"
                ;;
        esac

        createchain `mac_chain $interface` no
    done

Change the "eth*)" to "eth*|wlan*)".

-Tom
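
An added example, not part of the thread and not Shorewall code: the question of detecting such an interface with standard utilities can also be answered by link-layer type instead of by name. It assumes that `ip link show` reports `link/ether` for the wireless interface (the attachment was scrubbed, so the sample output below is constructed), and `show_links`, `link_type`, `has_mac_header` and `check_maclist_interfaces` are hypothetical names.

```shell
# Added example, not Shorewall code: classify interfaces by the link-layer
# type that `ip link show` prints instead of by interface name.

# Constructed sample of `ip link show` output (all addresses are made up).
SAMPLE_LINKS='1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:aa:bb:cc:dd:ee brd ff:ff:ff:ff:ff:ff
4: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
    link/ppp'

# Hypothetical helper: source of the link listing. On a live system the
# body would be `ip link show`; the sample keeps the example offline.
show_links() {
    printf '%s\n' "$SAMPLE_LINKS"
}

# link_type IFACE: read `ip link show` text on stdin and print IFACE's link
# type (ether, loopback, ppp, ...). Prints nothing if IFACE is not listed.
link_type() {
    awk -v want="$1" '
        /^[0-9]+: / { name = $2; sub(/:$/, "", name); sub(/@.*/, "", name); next }
        name == want && $1 ~ /^link\// { sub(/^link\//, "", $1); print $1; exit }
    '
}

# has_mac_header IFACE: succeed only when IFACE is an ethernet-type link,
# i.e. its frames carry a source MAC address that a filter can match on.
has_mac_header() {
    [ "$(show_links | link_type "$1")" = "ether" ]
}

# check_maclist_interfaces "IF1 IF2 ...": print the interfaces that cannot
# be MAC-verified (including unknown ones) and return 1 if there are any.
check_maclist_interfaces() {
    bad=""
    for interface in $1; do
        has_mac_header "$interface" || bad="$bad $interface"
    done
    [ -z "$bad" ] && return 0
    echo "MAC verification not supported on:$bad"
    return 1
}
```

With this check a wireless interface is accepted whatever the driver names it, and an interface that is missing or not ethernet-type is still rejected before any MAC rules are built.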