Provided by: shorewall_5.2.3.4-1_all bug


       maclist - Shorewall MAC Verification file




       This file is used to define the MAC addresses and optionally their associated IP addresses
       to be allowed to use the specified interface. The feature is enabled by using the maclist
       option in the shorewall-interfaces[1](5) or shorewall-hosts[2](5) configuration file.

       The columns in the file are as follows (where the column name is followed by a different
       name in parentheses, the different name is used in the alternate specification syntax).

           ACCEPT or DROP (if MACLIST_TABLE=filter in shorewall.conf[3](5), then REJECT is also
           allowed). If specified, the log-level causes packets matching the rule to be logged at
           that level.

       INTERFACE - interface
           Network interface to a host.

       MAC - address
           MAC address of the host -- you do not need to use the Shorewall format for MAC
           addresses here. If IP ADDRESSES is supplied then MAC can be supplied as a dash (-)

       IP ADDRESSES (addresses) - [address[,address]...]
           Optional - if specified, both the MAC and IP address must match. This column can
           contain a comma-separated list of host and/or subnet addresses. If your kernel and
           iptables have iprange match support then IP address ranges are also allowed.
           Similarly, if your kernel and iptables include ipset support than set names (prefixed
           by "+") are also allowed.




SEE ALSO[4][5]



        1. shorewall-interfaces

        2. shorewall-hosts

        3. shorewall.conf