shorewall-maclist5maclistShorewall MAC Verification file/etc/shorewall/maclistDescriptionThis file is used to define the MAC addresses and optionally their
associated IP addresses to be allowed to use the specified interface. The
feature is enabled by using the maclist
option in the shorewall-interfaces(5) or shorewall-hosts(5) configuration
file.The columns in the file are as follows.DISPOSITION — {ACCEPT|DROP|REJECT}[log-level]ACCEPT or DROP (if MACLIST_TABLE=filter in shorewall.conf(5), then REJECT is
also allowed). If specified, the
log-level causes packets matching the
rule to be logged at that level.INTERFACE —
interface[:port]Network interface to a host. If the
interface names a bridge, it may be optionally followed by a colon
(":") and a physical port name (e.g., br0:eth4).MAC —
addressMAC address of the host -- you do not
need to use the Shorewall format for MAC addresses here. If
IP ADDRESSESES is supplied then
MAC can be supplied as a dash
(-)IP ADDRESSES (Optional) —
[address[,address]...]If specified, both the MAC and IP address must match. This
column can contain a comma-separated list of host and/or subnet
addresses. If your kernel and iptables have iprange match support
then IP address ranges are also allowed.FILES/etc/shorewall/maclistSee ALSOhttp://shorewall.net/MAC_Validation.htmlshorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
shorewall-ipsec(5), shorewall-masq(5), shorewall-nat(5),
shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
shorewall-providers(5), shorewall-proxyarp(5), shorewall-route_routes(5),
shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)