On Wed, Feb 28, 2007 at 07:11:52PM -0800, Tom Eastep wrote:
> Brian J. Murrell wrote:
> > There is a class of rules that drop "noise" (i.e. SMB broadcasts),
> > which I do like. :-) It seems though that those are evaluated after the
> > maclist rules.
> > Without having looked at the complications such a suggestion might
> > entail :-) I wonder if maclist should not be done only after dropping
> > noise?
> The 'rules that drop "noise"' are called 'default actions' and are
> described at http://www.shorewall.net/Actions.html#Default. These
> "rules" (really actions) are associated with individual policies and are
> applied when no other rule or restriction matches a packet. It follows
> that, by definition, these actions must be applied last.
Then perhaps what he wants is to run the default actions over stuff
matched by the maclist. That would make sense.