[Shorewall-users] MAC addresses in DEST rules
Vieri Di Paola
2016-10-21 10:36:02 UTC
Hi,

This rules line works:
ACCEPT    dmz:~48-E2-44-54-E7-27    lan:10.215.246.0/23    all

This other rule line fails:
ACCEPT    lan:10.215.144.42    dmz:~48-E2-44-54-E7-27    all

The error message is:
Checking /etc/shorewall/rules...
   ERROR: Unknown Host (~48-E2-44-54-E7-27)

shorewall 5.0.6.2

The shorewall-rules man page suggests that MAC addresses can be used in DEST:
"Hosts may be specified by IP or MAC address; mac addresses must begin with "~" and must use "-" as a separator."
However, further down I can read:
"Restriction: MAC addresses are not allowed (this is a Netfilter restriction)."

So should I conclude that it's impossible to specify MAC addresses in DEST?

Vieri
Tom Eastep
2016-10-21 15:48:07 UTC
> Hi,
> This rules line works: ACCEPT dmz:~48-E2-44-54-E7-27
> lan:10.215.246.0/23 all
> This other rule line fails: ACCEPT lan:10.215.144.42
> dmz:~48-E2-44-54-E7-27 all
> Unknown Host (~48-E2-44-54-E7-27)
> shorewall 5.0.6.2
> The shorewall-rules man page suggests that MAC addresses can be
> used in DEST: "Hosts may be specified by IP or MAC address; mac
> addresses must begin with "~" and must use "-" as a separator."
> However, further down I can read: "Restriction: MAC addresses are
> not allowed (this is a Netfilter restriction)."
> So should I conclude that it's impossible to specify MAC addresses in DEST?

Yes -- the destination MAC isn't known until just before the packet is
put on the wire.

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
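
An added example, not part of the original thread and not Shorewall's own code: a small Python pre-check that scans a rules file for `~`-prefixed MAC addresses in the DEST column, the case rejected with "Unknown Host" above. The function names and the sample file are constructed for illustration, and only the plain whitespace-separated ACTION SOURCE DEST column layout is handled.

```python
import re

# MAC notation as quoted from the man page in the thread: "~" prefix, "-" separator.
MAC_RE = re.compile(r"~(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}(?![0-9A-Fa-f-])")

def logical_lines(text):
    """Yield (first_line_number, text) with comments stripped and
    backslash continuations joined into one logical line."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if start is None:
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, buf.strip()
        buf, start = "", None
    if buf.strip():
        yield start, buf.strip()

def macs_in_dest(rules_text):
    """Return [(line_number, mac)] for every MAC address in the DEST column."""
    findings = []
    for no, line in logical_lines(rules_text):
        if line.startswith("?"):      # ?SECTION and other directives
            continue
        cols = line.split()
        if len(cols) < 3:             # need at least ACTION SOURCE DEST
            continue
        findings += [(no, m.group(0)) for m in MAC_RE.finditer(cols[2])]
    return findings

# Constructed sample built from the two rule lines quoted in the thread.
SAMPLE = """\
?SECTION NEW
# ACTION  SOURCE                  DEST                    PROTO
ACCEPT    dmz:~48-E2-44-54-E7-27  lan:10.215.246.0/23     all
ACCEPT    lan:10.215.144.42       dmz:~48-E2-44-54-E7-27  all
"""

if __name__ == "__main__":
    for no, mac in macs_in_dest(SAMPLE):
        print(f"rules:{no}: MAC address {mac} in DEST column (not allowed)")
```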