Provided by: shorewall_4.4.26.1-1_all bug

NAME

       maclist - Shorewall MAC Verification file

SYNOPSIS

       /etc/shorewall/maclist

DESCRIPTION

       This file is used to define the MAC addresses and optionally their
       associated IP addresses to be allowed to use the specified interface.
       The feature is enabled by using the maclist option in the
       shorewall-interfaces[1](5) or shorewall-hosts[2](5) configuration file.

       The columns in the file are as follows (where the column name is
       followed by a different name in parentheses, the different name is used
       in the alternate specification syntax).

       DISPOSITION - {ACCEPT|DROP|REJECT}[:log-level]
           ACCEPT or DROP (if MACLIST_TABLE=filter in shorewall.conf[3](5),
           then REJECT is also allowed). If specified, the log-level causes
           packets matching the rule to be logged at that level.

       INTERFACE - interface
           Network interface to a host.

       MAC - address
           MAC address of the host -- you do not need to use the Shorewall
           format for MAC addresses here. If IP ADDRESSESES is supplied then
           MAC can be supplied as a dash (-)

       IP ADDRESSES (addresses) - [address[,address]...]
           Optional - if specified, both the MAC and IP address must match.
           This column can contain a comma-separated list of host and/or
           subnet addresses. If your kernel and iptables have iprange match
           support then IP address ranges are also allowed. Similarly, if your
           kernel and iptables include ipset support than set names (prefixed
           by "+") are also allowed.

FILES

       /etc/shorewall/maclist

SEE ALSO

       http://shorewall.net/MAC_Validation.html

       http://shorewall.net/configuration_file_basics.htm#Pairs

       shorewall(8), shorewall-accounting(5), shorewall-actions(5),
       shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
       shorewall-ipsets(5), shorewall-masq(5), shorewall-nat(5),
       shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
       shorewall-providers(5), shorewall-proxyarp(5),
       shorewall-route_rules(5), shorewall-routestopped(5),
       shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5),
       shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
       shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)

NOTES

        1. shorewall-interfaces
           http://www.shorewall.net/manpages/shorewall-interfaces.html

        2. shorewall-hosts
           http://www.shorewall.net/manpages/shorewall-hosts.html

        3. shorewall.conf
           http://www.shorewall.net/manpages/shorewall.conf.html

[FIXME: source]                   12/13/2011              SHOREWALL-MACLIST(5)