[Firehol-support] MAC address filtering example needed
Costa Tsaousis
costa at tsaousis.gr
Thu Jun 2 17:24:02 BST 2005
You are right. It is a bug and has been fixed in v1.236.
You can download this version from http://firehol.sf.net/firehol.tar.gz
Just untar it and run firehol.sh.
Regards,
Costa
On Thu, June 2, 2005 19:02, Brian Snipes said:
> Hmmm, if I have a /etc/firehol/coders file with the following content:
> * begin snip
> 00:01:02:35:aa:80 00:01:02:35:ac:80 00:01:02:c8:4c:cc 00:0a:e6:28:42:bf
> 00:0a:e6:28:4a:8e 00:0a:e6:28:58:e2 00:0a:e6:33:55:95 00:0a:e6:41:d1:b4
> 00:0a:e6:28:46:fe
> * end snip
>
> And in my firehol.conf, I have:
> *- begin snip
> coders="`cat /etc/firehol/coders`"
> router lan2i inface ${int_if} outface ${ext_nat_if} mac not "${coders}"
> *- end snip
>
> I get the following error:
> -------------------------------------------------------------------------------
> ERROR : # 1.
> WHAT : A runtime command failed to execute (returned error 2).
> SOURCE : line 267 of /etc/firehol/firehol.conf
> COMMAND : /sbin/iptables -t filter -A out_lan2i -m mac --mac-source any -j RETURN
> OUTPUT :
> *- end error
>
> This happens whether I put the mac addresses on one line or one per line.
>
> I am running firehol-1.226 on Gentoo. Is this a small bug or just a
> mistake I have made?
>
> Brian
>
>>>> "Costa Tsaousis" <costa at tsaousis.gr> 6/2/2005 10:24 AM >>>
> Hi,
>
> coders="00:01:02:35:aa:80 00:01:02:35:ac:80 ..."
> # or
> # coders="`cat /path/to/file/with/one/mac/per/line`"
>
> router lan2i inface ${lan_if} outface ${ext_nat_if} mac not "${coders}"
> route bberry accept
> route cups accept
> ...
>
> Now these mac addresses will not even enter the lan2i router.
>
>
> Regards,
>
> Costa
>
>
> On Wed, June 1, 2005 5:15, Brian Snipes said:
>> Greets,
>> Can someone give me an example of using the 'mac' parameter to block all
>> traffic in a router section? I have multiple workstations that have to be
>> blocked from having any outbound access. Here is what I have tried but it
>> doesn't seem to block access:
>> ---------------------------
>> coders="00:01:02:35:aa:80 \
>> 00:01:02:35:ac:80 \
>> 00:01:02:c8:4c:cc \
>> 00:0a:e6:28:42:bf \
>> 00:0a:e6:28:4a:8e \
>> 00:0a:e6:28:58:e2 \
>> 00:0a:e6:33:55:95 \
>> 00:0a:e6:41:d1:b4 \
>> 00:0a:e6:28:46:fe \
>> 00:0c:29:6b:a6:70"
>> ...
>> router lan2i inface lan outface ${ext_nat_if}
>> route all reject mac ${coders}
>> route bberry accept
>> route cups accept
>> route dict accept
>> route ftp accept
>> route http accept
>> route https accept
>> route icmp accept
>> route imap accept
>> route imaps accept
>> route irc accept
>> route jabber accept
>> route ldap accept
>> route ldaps accept
>> route msn accept
>> route nntp accept
>> route nntps accept
>> route ntp accept
>> route ping accept
>> route pop3 accept
>> route pop3s accept
>> route rdp accept
>> client ssh accept src x.x.x.x/32
>> -----------------------------
>>
>> Any ideas?
>>
>> Brian
>>
>>
>> -------------------------------------------------------
>> This SF.Net email is sponsored by Yahoo.
>> Introducing Yahoo! Search Developer Network - Create apps using Yahoo!
>> Search APIs Find out how you can build Yahoo! directly into your own
>> Applications - visit
>> http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005
>> _______________________________________________
>> Firehol-support mailing list
>> Firehol-support at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/firehol-support
>>
>
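
An added example, not part of the thread and not FireHOL code: a shell helper for the file-based variant quoted above (`coders` read from `/etc/firehol/coders`), which validates the list so that a malformed entry or an empty file is caught before FireHOL generates iptables rules from it. The function name `load_macs` is hypothetical, and the example assumes the function is defined where firehol.conf can call it.

```shell
#!/bin/sh
# Added example (not from the thread). load_macs FILE prints the file's MAC
# addresses on one line, lower-cased and de-duplicated, or fails with status 1.
load_macs() {
    file=$1
    [ -r "$file" ] || { echo "load_macs: cannot read $file" >&2; return 1; }
    # Accept both layouts from the thread: all on one line, or one per line.
    words=$(tr -s '[:space:]' '\n' < "$file" | tr 'A-F' 'a-f')
    out=""
    while IFS= read -r mac; do
        [ -n "$mac" ] || continue
        if ! printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; then
            echo "load_macs: invalid MAC '$mac' in $file" >&2
            return 1
        fi
        case " $out " in
            *" $mac "*) ;;                      # duplicate entry, keep the first
            *) out="${out:+$out }$mac" ;;
        esac
    done <<EOF
$words
EOF
    # Refuse an empty list rather than pass an empty value to the mac parameter.
    [ -n "$out" ] || { echo "load_macs: no MAC addresses in $file" >&2; return 1; }
    printf '%s\n' "$out"
}

# Intended use in firehol.conf (path and variable names taken from the thread):
#   coders="$(load_macs /etc/firehol/coders)" || exit 1
#   router lan2i inface ${int_if} outface ${ext_nat_if} mac not "${coders}"
```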