Add MACLIST_TABLE to shorewall.conf documentation

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2871 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-08 16:54:10 +01:00 · 2005-10-13 17:57:30 +00:00 · 2005-10-13 17:57:30 +00:00 · f11d10688c
commit f11d10688c
parent d5a79c2156
1 changed files with 17 additions and 1 deletions
--- a/Shorewall-docs2/Documentation.xml
+++ b/Shorewall-docs2/Documentation.xml
@ -15,7 +15,7 @@
      </author>
    </authorgroup>

-    <pubdate>2005-10-01</pubdate>
+    <pubdate>2005-10-13</pubdate>

    <copyright>
      <year>2001-2005</year>
@ -2773,6 +2773,22 @@ eth0                  eth1            206.124.146.176</programlisting>
        </listitem>
      </varlistentry>

+      <varlistentry>
+        <term>MACLIST_TABLE</term>
+
+        <listitem>
+          <para>Normally, MAC verification occurs in the filter table (INPUT
+          and FORWARD) chains. When forwarding a packet from an interface with
+          MAC verification to a bridge interface, that doesn't work.</para>
+
+          <para>This problem can be worked around by setting
+          MACLIST_TABLE=mangle which will cause Mac verification to occur out
+          of the PREROUTING chain. Because REJECT isn't available in that
+          environment, you may not specify MACLIST_DISPOSITION=REJECT with
+          MACLIST_TABLE=mangle.</para>
+        </listitem>
+      </varlistentry>
+
      <varlistentry>
        <term>RFC1918_STRICT</term>