Provided by: shorewall-common_4.0.6-1_all bug

NAME

       maclist - Shorewall MAC Verification file

SYNOPSIS

       /etc/shorewall/maclist

DESCRIPTION

       This  file  is  used  to  define the MAC addresses and optionally their
       associated IP addresses to be allowed to use the  specified  interface.
       The  feature  is  enabled by using the maclist option in the shorewall-
       interfaces   〈shorewall-interfaces.html〉   (5)    or    shorewall-hosts
       〈shorewall-hosts.html〉 (5) configuration file.

       The columns in the file are as follows.

       DISPOSITION — {ACCEPT|DROP|REJECT}[:log-level]
              ACCEPT   or  DROP  (if  MACLIST_TABLE=filter  in  shorewall.conf
              〈shorewall.conf.html〉 (5), then  REJECT  is  also  allowed).  If
              specified,  the log-level causes packets matching the rule to be
              logged at that level.

       INTERFACEinterface
              Network interface to a host.

       MACaddress
              MAC address of the host -- you do not need to use the  Shorewall
              format  for  MAC  addresses  here. If IP ADDRESSESES is supplied
              then MAC can be supplied as a dash (-)

       IP ADDRESSES (Optional) — [address[,address]...]
              If specified, both the MAC  and  IP  address  must  match.  This
              column  can contain a comma-separated list of host and/or subnet
              addresses. If  your  kernel  and  iptables  have  iprange  match
              support  then  IP address ranges are also allowed. Similarly, if
              your kernel and iptables include ipset support  than  set  names
              (prefixed by "+") are also allowed.

FILES

       /etc/shorewall/maclist

SEE ALSO

http://shorewall.net/MAC_Validation.htmlshorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-
       blacklist(5), shorewall-hosts(5),  shorewall-interfaces(5),  shorewall-
       ipsec(5),   shorewall-masq(5),  shorewall-nat(5),  shorewall-netmap(5),
       shorewall-params(5),    shorewall-policy(5),    shorewall-providers(5),
       shorewall-proxyarp(5),       shorewall-route_routes(5),      shorewall-
       routestopped(5),  shorewall-rules(5),   shorewall.conf(5),   shorewall-
       tcclasses(5),  shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-
       tos(5), shorewall-tunnels(5), shorewall-zones(5)

                               23 November 2007           shorewall-maclist(5)