Mailinglist Archive: opensuse (3336 mails)

< Previous Next >
Re: [SLE] SUSE 9.3 Pro and 3 NICs
  • From: James Knott <james.knott@xxxxxxxxxx>
  • Date: Sun, 25 Dec 2005 19:38:35 -0500
  • Message-id: <43AF3B8B.4010404@xxxxxxxxxx>
Michael W Cocke wrote:
> On Sun, 25 Dec 2005 18:21:08 -0600, you wrote:
>
>> At 12/25/05 18:14, you wrote:

>>> As I mentioned in another note, SUSE fireall supports NICs specified in
>>> the form of eth-id-00:05:5d:fe:fc:e4. Note that this contains the NIC
>>> MAC address. It's pretty hard to get confused by specifying the exact
>>> piece of hardware. About the only time this might cause some
>>> difficulty, is when you replace the NIC. At that point, you'll have to
>>> change the MAC address specified.
>> I can see typos, with attendant security holes occurring this way,
>> though. On my server's motherboard are two NIC chips built in--and
>> their MAC addresses differ only in the last character of the last
>> character pair.
>>
>
> I had the same thought as Eric, in addition to the fact that I don't
> use the SuSE firewall - I use shorewall, which is significantly more
> complex to configure (It's also significantly more flexible, so don't
> suggest that I change).

Do know for a fact, that it won't support NIC designations such as
eth-id-00:05:5d:fe:fc:e4? Changing NICs in a firewall should be a
fairly rare event. Changing NICs in a server shouldn't cause a problem.
Face it. The old ethx method is obsolete, so you'd better get used to
the new way.



< Previous Next >
Follow Ups