At 12/25/05 18:14, you wrote:
Michael W Cocke wrote:
On Sun, 25 Dec 2005 17:24:40 -0500, you wrote:
Well, in my own particular case (my firewall system) I don't want to leave ANYTHING to chance, since a NIC misassignment will leave my intranet hanging out in the breeze... I could probably get a default route config such as you describe to work, but it seems to me to be more complex than it needs to be.
As I mentioned in another note, SUSE fireall supports NICs specified in the form of eth-id-00:05:5d:fe:fc:e4. Note that this contains the NIC MAC address. It's pretty hard to get confused by specifying the exact piece of hardware. About the only time this might cause some difficulty, is when you replace the NIC. At that point, you'll have to change the MAC address specified.
I can see typos, with attendant security holes occurring this way, though. On my server's motherboard are two NIC chips built in--and their MAC addresses differ only in the last character of the last character pair. There is no nonsense so errant that it cannot be made the creed of the vast majority by adequate governmental action. --Bertrand Russell