
Re: [suse-security] Making SuSE 9.1 a router?? HOW??



Volker Kuhlmann wrote:
> > One way I found to fix this: build your own kernel and do not compile 
> > the device drivers for the network cards as modules but include them 
> > into the kernel. Now the cards will always get the same 'eth...' ID.
> 
> Bad way, IMHO. I'd never even consider monolithic kernels. Try adding
> the NIC modules to your INITRD_MODULES, in the order you want.
> Alternatively, insmod the modules from boot.local in the order you want.
> Untested, but cards get grabbed when their module is loaded.

Just use unique names instead of the dynamically assigned interface
names. You can for example also refer to an ethernet interface by
MAC address or PCI bus address:

$ ip link show eth0
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:e0:4c:9f:61:9a brd ff:ff:ff:ff:ff:ff
$ getcfg-interface eth-id-00:e0:4c:9f:61:9a
eth0
$ lspci |grep net
0000:00:12.0 Ethernet controller: VIA Technologies, Inc. VT6102 [Rhine-II] (rev 74)
$ getcfg-interface eth-bus-pci-0000:00:12.0
eth0

So in my case I can use either eth0, eth-id-00:e0:4c:9f:61:9a or
eth-bus-pci-0000:00:12.0 as interface name in SuSEfirewall2
depending on whether I want to refer to the first ethernet
interface, an ethernet interface with a certain MAC address or the
interface of a network card in a specific pci slot.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   SUSE LINUX AG, Development
 V_/_  http://www.suse.de/
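
The naming scheme from the mail above, as an added example that is not part of the original message or of SuSEfirewall2: `persistent_names` derives the `eth-id-...` and `eth-bus-pci-...` aliases for an interface, and `dynamic_fw_devs` lists firewall zone entries that still use a kernel-assigned `ethN` name. Both function names are hypothetical; it assumes a sysfs tree under the given root with `class/net/<if>/address` and a `device` symlink, and a sysconfig-style file with `FW_DEV_*="..."` lines.

```shell
#!/bin/sh
# Added example; function names are hypothetical, paths are passed in by the caller.

# persistent_names SYSFS_ROOT IFACE
# Prints the hardware-bound aliases for IFACE: one by MAC address and,
# for PCI cards, one by bus address. Returns 1 if the interface is unknown.
persistent_names() {
    root=$1 ifc=$2
    dir="$root/class/net/$ifc"
    [ -r "$dir/address" ] || return 1
    mac=$(cat "$dir/address")
    echo "eth-id-$mac"
    # 'device' is a symlink to the device directory; for a PCI card its
    # last path component is the bus address (domain:bus:slot.function).
    if [ -L "$dir/device" ]; then
        bus=$(basename "$(readlink "$dir/device")")
        case $bus in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f].[0-7])
                echo "eth-bus-pci-$bus" ;;
        esac
    fi
}

# dynamic_fw_devs CONFIG
# Prints VAR=name for every FW_DEV_* entry that is a plain ethN name,
# i.e. one whose meaning changes if the driver load order changes.
dynamic_fw_devs() {
    sed -n 's/^\(FW_DEV_[A-Z]*\)="\(.*\)"$/\1 \2/p' "$1" |
    while read -r var devs; do
        for d in $devs; do
            case $d in
                eth[0-9]*) echo "$var=$d" ;;
            esac
        done
    done
}
```

On a live system the sysfs root is `/sys`; any entry reported by `dynamic_fw_devs` is a candidate for replacement with one of the names printed by `persistent_names`.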
