diff --git a/Shorewall-docs/MAC_Validation.html b/Shorewall-docs/MAC_Validation.html
deleted file mode 100644
index 55e1416e7..000000000
--- a/Shorewall-docs/MAC_Validation.html
+++ /dev/null
@@ -1,104 +0,0 @@
-
-
-
- MAC Verification
-
-
-
-
-
-MAC Verification
-
-All traffic from an interface or from a subnet on an interface can be
-verified to originate from a defined set of MAC addresses. Furthermore,
-each MAC address may be optionally associated with one or more IP
-addresses.
-
-Your kernel must include MAC match support (CONFIG_IP_NF_MATCH_MAC -
-module name ipt_mac.o).
-
-There are four components to this facility.
-
- - The maclist interface option in /etc/shorewall/interfaces.
-When
-this option is specified, all traffic arriving on the interface is
-subjet
-to MAC verification.
- - The maclist option in /etc/shorewall/hosts.
-When this option is specified for a subnet, all traffic from that
-subnet is subject to
-MAC verification.
- - The /etc/shorewall/maclist file. This file is used to associate
-MAC addresses with interfaces and to optionally associate IP addresses
-with MAC addresses.
- - The MACLIST_DISPOSITION and MACLIST_LOG_LEVEL variables
-in /etc/shorewall/shorewall.conf.
-The MACLIST_DISPOSITION variable has the value DROP, REJECT or ACCEPT
-and determines the disposition of connection requests that fail MAC
-verification. The MACLIST_LOG_LEVEL variable gives the syslogd level at
-which connection requests that fail verification are to be logged. If
-set the the empty value (e.g., MACLIST_LOG_LEVEL="") then failing
-connection requests are not logged.
-
-
-The columns in /etc/shorewall/maclist are:
-
- - INTERFACE - The name of an ethernet interface on the Shorewall
-system.
- - MAC - The MAC address of a device on the ethernet segment
-connected by INTERFACE. It is not necessary to use the Shorewall MAC
-format in this column although you may use that format if you so choose.
- - IP Address - An optional comma-separated list of IP addresses for
-the device whose MAC is listed in the MAC column.
-
-Example 1: Here are my files (look here
-for details about my setup):
-/etc/shorewall/shorewall.conf:
-
- MACLIST_DISPOSITION=REJECT
MACLIST_LOG_LEVEL=info
-/etc/shorewall/interfaces:
-
- #ZONE INTERFACE BROADCAST OPTIONS
net eth0 206.124.146.255 dhcp,norfc1918,routefilter,blacklist,tcpflags
loc eth2 192.168.1.255 dhcp
dmz eth1 192.168.2.255
WiFi eth3 192.168.3.255 dhcp,maclist
- texas 192.168.9.255
-
-/etc/shorewall/maclist:
-
- #INTERFACE MAC IP ADDRESSES (Optional)
eth3 00:A0:CC:A2:0C:A0 192.168.3.7 #Work Laptop
eth3 00:04:5a:fe:85:b9 192.168.3.250 #WAP11
eth3 00:06:25:56:33:3c 192.168.3.225,192.168.3.8 #WET11
eth3 00:0b:cd:C4:cc:97 192.168.3.8 #TIPPER
-
-As shown above, I use MAC Verification on my wireless zone.
-
-Note: While marketed as a wireless bridge, the WET11 behaves
-like a wireless router with DHCP relay. When forwarding DHCP traffic,
-it uses the
-MAC address of the host (TIPPER) but for other forwarded traffic it
-uses it's
-own MAC address. Consequently, I list the IP addresses of both devices
-in
-/etc/shorewall/maclist.
-Example 2: Router in Wireless Zone
-Suppose now that I add a second wireless segment to my wireless zone
-and gateway that segment via a router with MAC address
-00:06:43:45:C6:15 and IP address 192.168.3.253. Hosts in the second
-segment have IP addresses in the subnet 192.168.4.0/24. I would add the
-following entry to my /etc/shorewall/maclist file:
- eth3 00:06:43:45:C6:15 192.168.3.253,192.168.4.0/24
-This entry accomodates traffic from the router itself (192.168.3.253)
-and from the second wireless segment (192.168.4.0/24). Remember that
-all traffic being sent to my firewall from the 192.168.4.0/24 segment
-will be forwarded by the router so that traffic's MAC address will be
-that of the router (00:06:43:45:C6:15) and not that of the host sending
-the traffic.
- Updated 6/30/2002 - Tom Eastep
-
-Copyright © 2001, 2002, 2003 Thomas M. Eastep.
-
-
-
-
-
-
-
-
-