There are a class of rules that drop "noise" (i.e. SMB broadcasts),
which I do like. :-) It seems though that those are evaluated after the
maclist rules.

Without having looked at the complications such a suggestion might
entail :-) I wonder if maclist should not be done only after dropping
noise?

b.

-- 
My other computer is your Microsoft Windows server.

Brian J. Murrell
Brian J. Murrell wrote:
> There are a class of rules that drop "noise" (i.e. SMB broadcasts),
> which I do like. :-) It seems though that those are evaluated after the
> maclist rules.
>
> Without having looked at the complications such a suggestion might
> entail :-) I wonder if maclist should not be done only after dropping
> noise?

The 'rules that drop "noise"' are called 'default actions' and are
described at http://www.shorewall.net/Actions.html#Default. These
"rules" (really actions) are associated with individual policies and are
applied when no other rule or restriction matches a packet. It follows
that, by definition, these actions must be applied last.

-Tom
-- 
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
On Wed, Feb 28, 2007 at 07:11:52PM -0800, Tom Eastep wrote:
> Brian J. Murrell wrote:
> > There are a class of rules that drop "noise" (i.e. SMB broadcasts),
> > which I do like. :-) It seems though that those are evaluated after the
> > maclist rules.
> >
> > Without having looked at the complications such a suggestion might
> > entail :-) I wonder if maclist should not be done only after dropping
> > noise?
>
> The 'rules that drop "noise"' are called 'default actions' and are
> described at http://www.shorewall.net/Actions.html#Default. These
> "rules" (really actions) are associated with individual policies and are
> applied when no other rule or restriction matches a packet. It follows
> that, by definition, these actions must be applied last.

Then perhaps what he wants is to run the default actions over stuff
matched by the maclist. That would make sense.