Make MAC restrictions clearer

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1059 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-06 15:40:02 +00:00 · 2004-01-06 15:40:02 +00:00 · ede92b5424
commit ede92b5424
parent 5c9c9d97fd
1 changed files with 11 additions and 7 deletions
--- a/Shorewall-docs/MAC_Validation.xml
+++ b/Shorewall-docs/MAC_Validation.xml
@ -15,14 +15,10 @@
      </author>
    </authorgroup>

-    <pubdate>2002-06-30</pubdate>
+    <pubdate>2004-01-06</pubdate>

    <copyright>
-      <year>2001</year>
-
-      <year>2002</year>
-
-      <year>2003</year>
+      <year>2001-2004</year>

      <holder>Thomas M. Eastep</holder>
    </copyright>
@ -39,7 +35,15 @@

  <para>All traffic from an interface or from a subnet on an interface can be
  verified to originate from a defined set of MAC addresses. Furthermore, each
-  MAC address may be optionally associated with one or more IP addresses.</para>
+  MAC address may be optionally associated with one or more IP addresses. Note
+  that </para>
+
+  <important>
+    <para><emphasis role="bold">MAC addresses are only visible within a
+    ethernet segment so all MAC addresses used in verification must belong to
+    devices physically connected to one of the LANs to which your firewall is
+    connected.</emphasis></para>
+  </important>

  <important>
    <para><emphasis role="bold">Your kernel must include MAC match support