07.09.2018 17:02, James Knott wrote:
> frame from the mirror port out, this might actually cause a failure. My goal is to block any frame with the Ethernet port MAC address from leaving the computer.
There is no frame nor MAC address before a locally originated packet leaves the computer.
> While I could write the appropriate IPTables commands to do this,
Really?

   mac
       [!] --mac-source address
              Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX. Note that this only makes sense for packets coming from an Ethernet device and entering the PREROUTING, FORWARD or INPUT chains.

Care to show your command?
> I would prefer to do it in the firewall configuration, as the network manager supports loading specific zones, but I don't see a way to call a script. I am trying to use the "drop" zone and filtering on source MAC address.
> Suggestions?
You can call arbitrary iptables/ebtables commands from firewalld.
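
An added example, not part of the original message: one way to use firewalld's direct interface for this, dropping locally originated packets by output interface because the mac match quoted above is not valid in OUTPUT. The interface name eth1 and the function names are assumptions; these rules cover IPv4 and IPv6 packets only, so non-IP frames such as ARP are not filtered by them.

```shell
#!/bin/sh
# Added example. "eth1" is an assumed name for the capture interface.
# --mac-source is only valid in PREROUTING, FORWARD and INPUT, so egress
# is matched with -o <interface> in the OUTPUT chain instead.

# Print the firewalld direct-rule commands for one interface.
egress_drop_rules() {
    ifname=$1
    # Reject empty names and anything outside a conservative character set,
    # so the value can never smuggle extra shell words into the command.
    case $ifname in
        ''|*[!A-Za-z0-9_.-]*)
            echo "bad interface name: $ifname" >&2
            return 1 ;;
    esac
    for fam in ipv4 ipv6; do
        printf 'firewall-cmd --permanent --direct --add-rule %s filter OUTPUT 0 -o %s -j DROP\n' \
            "$fam" "$ifname"
    done
    # Permanent rules only take effect after a reload.
    printf 'firewall-cmd --reload\n'
}

# Dry run by default; set APPLY=1 and run as root to execute the commands.
apply_egress_drop() {
    rules=$(egress_drop_rules "$1") || return 1
    printf '%s\n' "$rules" | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd    # word splitting is intended; the name was validated above
        else
            echo "would run: $cmd"
        fi
    done
}

apply_egress_drop "${IFACE:-eth1}"
```

After applying, `firewall-cmd --permanent --direct --get-all-rules` lists the stored rules.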