Provided by:
shorewall_3.4.4-1_all 
NAME
maclist - Shorewall MAC Verification file
SYNOPSIS
/etc/shorewall/maclist
DESCRIPTION
This file is used to define the MAC addresses and optionally their
associated IP addresses to be allowed to use the specified interface.
The feature is enabled by using the maclist option in the shorewall-
interfaces(5) or shorewall-hosts(5) configuration file.
The columns in the file are as follows.
DISPOSITION — {ACCEPT|DROP|REJECT}[:log-level]
ACCEPT or DROP (if MACLIST_TABLE=filter in shorewall.conf(5),
then REJECT is also allowed). If specified, the log-level causes
packets matching the rule to be logged at that level.
INTERFACE — interface[:port]
Network interface to a host. If the interface names a bridge, it
may be optionally followed by a colon (":") and a physical port
name (e.g., br0:eth4).
MAC — address
MAC address of the host -- you do not need to use the Shorewall
format for MAC addresses here. If IP ADDRESSESES is supplied
then MAC can be supplied as a dash (-)
IP ADDRESSES (Optional) — [address[,address]...]
If specified, both the MAC and IP address must match. This col‐
umn can contain a comma-separated list of host and/or subnet
addresses. If your kernel and iptables have iprange match sup‐
port then IP address ranges are also allowed. Similarly, if your
kernel and iptables include ipset support than set names (pre‐
fixed by "+") are also allowed.
FILES
/etc/shorewall/maclist
http://shorewall.net/MAC_Validation.html
shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-
blacklist(5), shorewall-hosts(5), shorewall-interfaces(5), shorewall-
ipsec(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5),
shorewall-params(5), shorewall-policy(5), shorewall-providers(5),
shorewall-proxyarp(5), shorewall-route_routes(5), shorewall-
routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-
tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-
tos(5), shorewall-tunnels(5), shorewall-zones(5)
17 June 2007 shorewall-maclist(5)