It seems that the "maclist" checking is done before any "noise" can be suppressed.

Let me explain. In my network, I disallow general IP forwarding on the firewall. All access is supposed to go through approved proxies which are allowed the IP forwarding they need to do. In line with such, I have MAC address checking enabled and whitelist the machines that should be allowed access. I also log maclist violations as a trouble-shooting measure.

What that means however is that some "badly behaving" applications will fill the logs with noise. Ekiga is one of these. Despite not even configuring with an account on their external server, it insists on wanting to try to contact the external server, which is in violation of the maclist for most machines. Yes, I have filed a bug with the Ekiga folks about it but they have prioritized it low and likely will never fix it. That doesn't mean it's still not annoying to have my logs filled with its broken and lame attempts.

It would be nice to have the possibility of telling Shorewall about maclist violations that should be ignored. Or is this really too "fringe" to do anything formal (i.e. informally, I can insert rules directly in started) in Shorewall about?

Cheers,
b.

------------------------------------------------------------------------------
Protect Your Site and Customers from Malware Attacks
Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing.
http://p.sf.net/sfu/oracle-sfdevnl
On 1/12/11 5:53 AM, Brian J. Murrell wrote:
>
> What that means however is that some "badly behaving" applications will
> fill the logs with noise. Ekiga is one of these. Despite not even
> configuring with an account on their external server, it insists on
> wanting to try to contact the external server, which is in violation of
> the maclist for most machines.

Sounds to me like you are using the maclist for filtering that should be done with policies and rules.

-Tom
--
Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,           \ died peacefully in his sleep. Not screaming like
Washington, USA      \ all of the passengers in his car
http://shorewall.net \________________________________________________
On Wed, 2011-01-12 at 06:40 -0800, Tom Eastep wrote:
>
> Sounds to me like you are using the maclist for filtering that should be
> done with policies and rules.

Yeah, I had considered that more than once also. Fair enough. Perhaps I will make a move in that direction.

Given that you can use MAC addresses in the rules file, what kind of scenario is the maclist feature better suited to than rules?

Cheers,
b.
On 1/12/11 6:53 AM, Brian J. Murrell wrote:
> On Wed, 2011-01-12 at 06:40 -0800, Tom Eastep wrote:
>
> Given that you can use mac addresses in the rules file, what kind of
> scenario does is the maclist feature better suited than rules?
>

Now that we have actions and MAC matching in rules within them, I don't believe that there is any case where the maclist feature is better suited. It remains for compatibility with earlier releases and for those who find defining an action to be too steep a hill.

You can clearly define an 'Accept' action that does filtering by MAC and then ACCEPTs the connection. You can even define a similar action that only does the mac filtering and use it as the default action for ACCEPT policies.

-Tom
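As an added illustration of the approach Tom describes (this is not configuration from the thread or from the Shorewall project): a user-defined action, named MacAccept here, that accepts a connection only from whitelisted MACs and silently drops the rest, then wired in either per rule or as the default action for ACCEPT policies. The action name, the MAC addresses and the port list are constructed placeholders; the ACCEPT:action policy syntax is assumed to be what your release's shorewall-policy(5) documents.

```text
# /etc/shorewall/actions  -- declare the user-defined action (hypothetical name)
#ACTION
MacAccept

# /etc/shorewall/action.MacAccept  -- same column layout as the rules file.
# A SOURCE beginning with "~" is a MAC address (hyphen separated); like
# maclist, this only matches on packets arriving over an Ethernet-type
# interface, so it belongs on the loc side, not on tunnels.
# Whitelisted hosts are accepted; the final unlogged DROP swallows the
# noise (e.g. the Ekiga box) that a logged maclist violation would record.
#ACTION         SOURCE
ACCEPT          ~00-16-3e-aa-bb-01
ACCEPT          ~00-16-3e-aa-bb-02
DROP

# /etc/shorewall/rules  -- use the action wherever ACCEPT would have gone
#ACTION         SOURCE  DEST    PROTO   DEST
#                                       PORT(S)
MacAccept       loc     net     tcp     80,443

# /etc/shorewall/policy  -- or make it the default action for ACCEPT policies
#SOURCE DEST    POLICY
loc     net     ACCEPT:MacAccept
```

Keep the DROP unlogged only for the specific noise you have already diagnosed; for any rule you still want visibility on, use DROP:info instead.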