On Sun, 25 Dec 2005 18:21:08 -0600, you wrote:
At 12/25/05 18:14, you wrote:
Michael W Cocke wrote:
On Sun, 25 Dec 2005 17:24:40 -0500, you wrote:
Well, in my own particular case (my firewall system) I don't want to leave ANYTHING to chance, since a NIC misassignment will leave my intranet hanging out in the breeze... I could probably get a default route config such as you describe to work, but it seems to me to be more complex than it needs to be.
As I mentioned in another note, SUSE fireall supports NICs specified in the form of eth-id-00:05:5d:fe:fc:e4. Note that this contains the NIC MAC address. It's pretty hard to get confused by specifying the exact piece of hardware. About the only time this might cause some difficulty, is when you replace the NIC. At that point, you'll have to change the MAC address specified.
I can see typos, with attendant security holes occurring this way, though. On my server's motherboard are two NIC chips built in--and their MAC addresses differ only in the last character of the last character pair.
I had the same thought as Eric, in addition to the fact that I don't use the SuSE firewall - I use shorewall, which is significantly more complex to configure (It's also significantly more flexible, so don't suggest that I change). Mike- -- Mornings: Evolution in action. Only the grumpy will survive. -- Please note - Due to the intense volume of spam, we have installed site-wide spam filters at catherders.com. If email from you bounces, try non-HTML, non-encoded, non-attachments.