Michael W Cocke wrote:
On Sun, 25 Dec 2005 18:21:08 -0600, you wrote:
At 12/25/05 18:14, you wrote:
As I mentioned in another note, SUSE firewall supports NICs specified in the form of eth-id-00:05:5d:fe:fc:e4. Note that this contains the NIC MAC address. It's pretty hard to get confused by specifying the exact piece of hardware. About the only time this might cause some difficulty is when you replace the NIC. At that point, you'll have to change the MAC address specified. I can see typos, with attendant security holes occurring this way, though. On my server's motherboard are two NIC chips built in--and their MAC addresses differ only in the last character of the last character pair.
I had the same thought as Eric, in addition to the fact that I don't use the SuSE firewall - I use shorewall, which is significantly more complex to configure (It's also significantly more flexible, so don't suggest that I change).
Do you know for a fact that it won't support NIC designations such as eth-id-00:05:5d:fe:fc:e4? Changing NICs in a firewall should be a fairly rare event. Changing NICs in a server shouldn't cause a problem. Face it. The old ethx method is obsolete, so you'd better get used to the new way.