On 09/07/2018 01:46 PM, Andrei Borzenkov wrote:
>> While I could write the appropriate IPTables commands to do this,
>
> Really?
Perhaps I should have said in general. I did manually edit it to provide support for IPv6 that was not provided for in the firewall config.
> Really?
>
> mac
>     [!] --mac-source address
>         Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX. Note that this only makes sense for packets coming from an Ethernet device and entering the PREROUTING, FORWARD or INPUT chains.
>
> Care to show your command?
Sorry, I guess I wasn't thinking straight. Frustration can do that. ;-)

Still though, it shouldn't be so hard to add custom rules, such as blocking an outgoing IP address or protocol. As far as I can tell, the new firewall makes it difficult to do so. In routers from Cisco etc., you have full control in both directions. I now run pfSense for my firewall and it also supports filtering on any interface, including traffic that's heading out to the 'net.

BTW, don't buy cheap TP-Link switches. In addition to this issue, they don't handle VLANs properly. I have configured port mirroring on Adtran switches and when a computer is plugged into the mirror port, it can't even get an address with DHCP, as all outgoing frames are dropped. Here's what Cisco says in the manual for one of their switches:

"When a port is configured as a probe port, the switch does not forward or receive any traffic or respond to a ping."

For some reason, TP-Link thinks it's OK to pass frames from a mirror port.