Move MACLIST_TABLE to correct section of shorewall.conf

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2850 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/shorewall.conf

@@ -709,6 +709,29 @@ PKTTYPE=Yes
 
 RFC1918_STRICT=No
 
+#
+# MAC List Table
+#
+# Normally, MAC verification occurs in the filter table (INPUT and FORWARD)
+# chains. When forwarding a packet from an interface with MAC verification
+# to a bridge interface, that doesn't work.
+#
+# These problems can be worked around by setting MACLIST_TABLE=mangle which
+# will cause Mac verification to occur out of the PREROUTING chain. Because
+# REJECT isn't available in that environment, you may not specify
+# MACLIST_DISPOSITION=REJECT with MACLIST_TABLE=mangle.
+
+MACLIST_TABLE=filter
+
+
+#
+# These problems can be worked around by setting MACLIST_TABLE=mangle which
+# will cause Mac verification to occur out of the PREROUTING chain. Because
+# REJECT isn't available in that environment, you may not specify
+# MACLIST_DISPOSITION=REJECT with MACLIST_TABLE=mangle.
+
+MACLIST_TABLE=filter
+
 #
 # MACLIST caching
 #
@@ -788,20 +811,6 @@ FASTACCEPT=No
 
 BLACKLIST_DISPOSITION=DROP
 
-#
-# MAC List Table
-#
-# Normally, MAC verification occurs in the filter table (INPUT and FORWARD)
-# chains. In some configurations, users have reported problems with MAC
-# verification of forwarded packets.
-#
-# These problems can be worked around by setting MACLIST_TABLE=mangle which
-# will cause Mac verification to occur out of the PREROUTING chain. Because
-# REJECT isn't available in that environment, you may not specify
-# MACLIST_DISPOSITION=REJECT with MACLIST_TABLE=mangle.
-
-MACLIST_TABLE=filter
-
 #
 # MAC List Disposition
 #
@@ -812,7 +821,7 @@ MACLIST_TABLE=filter
 # empty (MACLIST_DISPOSITION="") then REJECT is assumed
 #
 
-MACLIST_DISPOSITION=REJECT
+MACLIST_DISPOSITION=DROP
 
 #
 # TCP FLAGS Disposition