Provided by: shorewall-common_4.0.12-1_all bug


       maclist - Shorewall MAC Verification file




       This  file  is  used  to  define the MAC addresses and optionally their
       associated IP addresses to be allowed to use the  specified  interface.
       The  feature  is  enabled by using the maclist option in the shorewall-
       interfaces   〈shorewall-interfaces.html〉   (5)    or    shorewall-hosts
       〈shorewall-hosts.html〉 (5) configuration file.

       The columns in the file are as follows.

              ACCEPT   or  DROP  (if  MACLIST_TABLE=filter  in  shorewall.conf
              〈shorewall.conf.html〉 (5), then  REJECT  is  also  allowed).  If
              specified,  the log-level causes packets matching the rule to be
              logged at that level.

              Network interface to a host.

              MAC address of the host -- you do not need to use the  Shorewall
              format  for  MAC  addresses  here. If IP ADDRESSESES is supplied
              then MAC can be supplied as a dash (-)

       IP ADDRESSES (Optional) — [address[,address]...]
              If specified, both the MAC  and  IP  address  must  match.  This
              column  can contain a comma-separated list of host and/or subnet
              addresses. If  your  kernel  and  iptables  have  iprange  match
              support  then  IP address ranges are also allowed. Similarly, if
              your kernel and iptables include ipset support  than  set  names
              (prefixed by "+") are also allowed.



SEE ALSO, shorewall-accounting(5), shorewall-actions(5), shorewall-
       blacklist(5), shorewall-hosts(5),  shorewall-interfaces(5),  shorewall-
       ipsec(5),   shorewall-masq(5),  shorewall-nat(5),  shorewall-netmap(5),
       shorewall-params(5),    shorewall-policy(5),    shorewall-providers(5),
       shorewall-proxyarp(5),       shorewall-route_routes(5),      shorewall-
       routestopped(5),  shorewall-rules(5),   shorewall.conf(5),   shorewall-
       tcclasses(5),  shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-
       tos(5), shorewall-tunnels(5), shorewall-zones(5)

                                 24 June 2008             shorewall-maclist(5)