Clean up MACLIST_TABLE mess in shorewall.conf

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2873 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-23 08:03:11 +01:00 · 2005-10-13 18:11:48 +00:00 · 2005-10-13 18:11:48 +00:00 · 2fc9e1590e
commit 2fc9e1590e
parent f11d10688c
1 changed files with 2 additions and 11 deletions
--- a/Shorewall/shorewall.conf
+++ b/Shorewall/shorewall.conf
@ -716,16 +716,7 @@ RFC1918_STRICT=No
 # chains. When forwarding a packet from an interface with MAC verification
 # to a bridge interface, that doesn't work.
 #
-# These problems can be worked around by setting MACLIST_TABLE=mangle which
-# will cause Mac verification to occur out of the PREROUTING chain. Because
-# REJECT isn't available in that environment, you may not specify
-# MACLIST_DISPOSITION=REJECT with MACLIST_TABLE=mangle.
-
-MACLIST_TABLE=filter
-
-
-#
-# These problems can be worked around by setting MACLIST_TABLE=mangle which
+# This problem can be worked around by setting MACLIST_TABLE=mangle which
 # will cause Mac verification to occur out of the PREROUTING chain. Because
 # REJECT isn't available in that environment, you may not specify
 # MACLIST_DISPOSITION=REJECT with MACLIST_TABLE=mangle.
@ -821,7 +812,7 @@ BLACKLIST_DISPOSITION=DROP
 # empty (MACLIST_DISPOSITION="") then REJECT is assumed
 #

-MACLIST_DISPOSITION=DROP
+MACLIST_DISPOSITION=REJECT

 #
 # TCP FLAGS Disposition