extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-02-17 10:11:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Clean up MACLIST_TABLE mess in shorewall.conf

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2873 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-10-13 18:11:48 +00:00
parent f11d10688c
commit 2fc9e1590e
1 changed files with 2 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Shorewall/shorewall.conf
View File

@ -716,16 +716,7 @@ RFC1918_STRICT=No
# chains. When forwarding a packet from an interface with MAC verification # chains. When forwarding a packet from an interface with MAC verification
# to a bridge interface, that doesn't work. # to a bridge interface, that doesn't work.
# #
# These problems can be worked around by setting MACLIST_TABLE=mangle which # This problem can be worked around by setting MACLIST_TABLE=mangle which
# will cause Mac verification to occur out of the PREROUTING chain. Because
# REJECT isn't available in that environment, you may not specify
# MACLIST_DISPOSITION=REJECT with MACLIST_TABLE=mangle.
MACLIST_TABLE=filter
#
# These problems can be worked around by setting MACLIST_TABLE=mangle which
# will cause Mac verification to occur out of the PREROUTING chain. Because # will cause Mac verification to occur out of the PREROUTING chain. Because
# REJECT isn't available in that environment, you may not specify # REJECT isn't available in that environment, you may not specify
# MACLIST_DISPOSITION=REJECT with MACLIST_TABLE=mangle. # MACLIST_DISPOSITION=REJECT with MACLIST_TABLE=mangle.
@ -821,7 +812,7 @@ BLACKLIST_DISPOSITION=DROP
# empty (MACLIST_DISPOSITION="") then REJECT is assumed # empty (MACLIST_DISPOSITION="") then REJECT is assumed
# #
MACLIST_DISPOSITION=DROP MACLIST_DISPOSITION=REJECT
# #
# TCP FLAGS Disposition # TCP FLAGS Disposition