Maciek Kurkiewicz
2002-Dec-22 20:52 UTC
[Shorewall-users] maclist option -> sorry good ver.
Setting up MAC Verification on eth0... Error: Interface eth0 must be up before Shorewall can start my : /etc/shorewall/shorewall.conf: MACLIST_DISPOSITION=REJECT MACLIST_LOG_LEVEL=info interfaces: #ZONE INTERFACE BROADCAST OPTIONS net ppp0 217.96.90.242 noping loc eth0 255.255.255.0 routestopped,maclistmaclist: maclist: #INTERFACE MAC IP ADDRESSES (Optional) eth0 00:30:4F:19:73:0C 192.168.1.2 eth0 00:30:4F:19:6E:EF 192.168.1.4 eth0 00:E0:7D:BA:8C:C5 192.168.1.6 eth0 00:09:2C:30:02:AD 192.168.1.7 eth0 00:30:4F:19:73:B2 192.168.1.8 policy: #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST loc net ACCEPT net loc ACCEPT loc fw ACCEPT fw loc ACCEPT net fw ACCEPT fw net ACCEPT net all DROP infoall all REJECT info -----WHY NOT WORKING with maclist option in interfaces ?----- -- ---- Promocja Grudniowa Serwery www, konta e-mail www.oferta.alpha.pl ----
Maciek Kurkiewicz
2002-Dec-22 20:52 UTC
[Shorewall-users] maclist option -> sorry good ver.
Setting up MAC Verification on eth0... Error: Interface eth0 must be up before Shorewall can start my : /etc/shorewall/shorewall.conf: MACLIST_DISPOSITION=REJECT MACLIST_LOG_LEVEL=info interfaces: #ZONE INTERFACE BROADCAST OPTIONS net ppp0 217.96.90.242 noping loc eth0 255.255.255.0 routestopped,maclist maclist: #INTERFACE MAC IP ADDRESSES (Optional) eth0 00:30:4F:19:73:0C 192.168.1.2 eth0 00:30:4F:19:6E:EF 192.168.1.4 eth0 00:E0:7D:BA:8C:C5 192.168.1.6 eth0 00:09:2C:30:02:AD 192.168.1.7 eth0 00:30:4F:19:73:B2 192.168.1.8 policy: #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST loc net ACCEPT net loc ACCEPT loc fw ACCEPT fw loc ACCEPT net fw ACCEPT fw net ACCEPT net all DROP infoall all REJECT info -----WHY NOT WORKING with maclist option in interfaces ?----- -- ---- Promocja Grudniowa Serwery www, konta e-mail www.oferta.alpha.pl ----
--On Sunday, December 22, 2002 09:52:19 PM +0100 Maciek Kurkiewicz <maciek@alpha.net.pl> wrote:> Setting up MAC Verification on eth0... > Error: Interface eth0 must be up before Shorewall can start > > my : > /etc/shorewall/shorewall.conf: > MACLIST_DISPOSITION=REJECT > MACLIST_LOG_LEVEL=info > > interfaces: ># ZONE INTERFACE BROADCAST OPTIONS > net ppp0 217.96.90.242 noping > loc eth0 255.255.255.0 routestopped,maclistmaclist: > > maclist: ># INTERFACE MAC IP ADDRESSES (Optional) > eth0 00:30:4F:19:73:0C 192.168.1.2 > eth0 00:30:4F:19:6E:EF 192.168.1.4 > eth0 00:E0:7D:BA:8C:C5 192.168.1.6 > eth0 00:09:2C:30:02:AD 192.168.1.7 > eth0 00:30:4F:19:73:B2 192.168.1.8 > > policy: ># SOURCE DEST POLICY LOG LEVEL LIMIT:BURST > loc net ACCEPT > net loc ACCEPT > loc fw ACCEPT > fw loc ACCEPT > net fw ACCEPT > fw net ACCEPT > net all DROP infoall > all REJECT info > > -----WHY NOT WORKING with maclist option in interfaces ?----- > >Read the error message! You have to start eth0 before you start Shorewall if you want to use the ''maclist'' option. Although I can probably improve that in a future version, that''s the way that it works right now... -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \ teastep@shorewall.net