Provided by: sanewall-doc_1.0.2+ds-2_all bug

NAME
       sanewall-mac - ensure source IP and source MAC address match


SYNOPSIS

       mac IP macaddr


DESCRIPTION
       Any mac commands will affect all traffic destined for the firewall host, or to be forwarded by the host.
       They must be declared before the first router or interface.

           Note

           There is also a mac parameter which allows matching MAC addresses within individual rules (see
           optional rule parameters: sanewall-rule-params(5)).

       The mac helper command DROPs traffic from any IP address that was not sent using the macaddr specified.

       When packets are dropped, a log is produced with the label "MAC MISSMATCH" (sic.).  mac obeys the default
       log limits (see the section called “LOGGING” in optional rule parameters: sanewall-rule-params(5)).

           Note

           This command restricts an IP to a particular MAC address. The same MAC address is permitted send
           traffic with a different IP.


EXAMPLES
           mac 192.0.2.1    00:01:01:00:00:e6
           mac 198.51.100.1 00:01:01:02:aa:e8


SEE ALSO
           Sanewall program: sanewall(1)
           Sanewall configuration: sanewall.conf(5)
           optional rule parameters: sanewall-rule-params(5)


AUTHOR
       Sanewall Team


COPYRIGHT
       Copyright © 2012, 2013 Phil Whineray <phil@sanewall.org>

Sanewall 1.0.2                                  Built 01 Jun 2013                        MAC CONFIG HELPER: S(5)