Provided by: sanewall-doc_1.0.2+ds-2_all bug

NAME

       sanewall-mac - ensure source IP and source MAC address match

SYNOPSIS

       mac IP macaddr

DESCRIPTION

       Any mac commands will affect all traffic destined for the firewall host, or to be
       forwarded by the host. They must be declared before the first router or interface.

           Note
           There is also a mac parameter which allows matching MAC addresses within individual
           rules (see optional rule parameters: sanewall-rule-params(5)).

       The mac helper command DROPs traffic from any IP address that was not sent using the
       macaddr specified.

       When packets are dropped, a log is produced with the label "MAC MISSMATCH" (sic.).  mac
       obeys the default log limits (see the section called “LOGGING” in optional rule
       parameters: sanewall-rule-params(5)).

           Note
           This command restricts an IP to a particular MAC address. The same MAC address is
           permitted send traffic with a different IP.

EXAMPLES

           mac 192.0.2.1    00:01:01:00:00:e6
           mac 198.51.100.1 00:01:01:02:aa:e8

SEE ALSO

           Sanewall program: sanewall(1)
           Sanewall configuration: sanewall.conf(5)
           optional rule parameters: sanewall-rule-params(5)

AUTHOR

       Sanewall Team

COPYRIGHT

       Copyright © 2012, 2013 Phil Whineray <phil@sanewall.org>