Enabling IP/MAC binding gives error

giacomo · January 24, 2018, 11:41am

The feature is intended to work on a firewall with 2 network interfaces (green + red).

Honestly I never tested it on in single-nic scenario and probably it can’t work with current templates.
Actually, the maclist options is set only on green interface:

github.com

NethServer/nethserver-firewall-base/blob/master/root/etc/e-smith/templates/etc/shorewall/interfaces/20nics#L33


      
                  $OUT .= ",bridge" if ($type eq 'bridge');
                  $OUT .= "\n";
              }
          } else {
              foreach my $i ($ndb->interfaces) {
                  my $role = $i->prop('role') || next;
                  my $type = $i->prop('type') || '';
                  next if ($role eq 'slave' || $role eq 'bridged' || $role eq 'pppoe');
                  next if ($type eq 'alias');
                  if ($role eq 'green') {
                      $OUT .= "loc\t".$i->key."\tdhcp,nosmurfs,routeback".$mac_option;
                  } elsif ($role eq 'red') {
                      $OUT.="net\t".$i->key."\tdhcp,nosmurfs,optional";
                  } else {
                      $role = substr($role,0,5); #truncate zone name to 5 chars
                      if ($role eq 'blue') {
                          $OUT.="$role\t".$i->key."\tdhcp,nosmurfs,routeback".$mac_option;
                      } else {
                          $OUT.="$role\t".$i->key."\tdhcp,nosmurfs,routeback";
                      }
                  }

You could try to manually edit the /etc/shorewall/interfaces, add maclist at the end of line:

net enp0s25 dhcp,nosmurfs,optional

Then, try to restart shorewall:

shorewall restart

Maybe it could work, but without a template-custom modification will be soon lost.