From: Tom E. <te...@sh...> - 2005-10-11 16:40:47
|
On Friday 07 October 2005 09:04, Paulo Cunha wrote: > | > | To work around this problem, a MACLIST_TABLE option has been added > | to shorewall.conf. The default value is MACLIST_TABLE=3Dfilter which > | results in the current behavior. If MACLIST_TABLE=3Dmangle then > | filtering will take place out of the PREROUTING chain of the mangle > | table. Because the REJECT target may not be used in the PREROUTING > | chain, the settings MACLIST_DISPOSITION=3DREJECT and > | MACLIST_TABLE=3Dmangle are incompatible. > | > | If you don't find another solution to your problem, this option > | might provide at least a workaround. > | > | -Tom > > Hum, Good ! > > i' ll try it right now and post the results, > > DROP is valid on the prerouting chain, is'nt it ? > I have reproduced this problem and I have verified that MACLIST_TABLE=3Dman= gle=20 is able to work around it. =2DTom =2D-=20 Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ te...@sh... PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key |