From ede92b54245c8a6c17b14bd007d664047549efae Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Tue, 6 Jan 2004 15:40:02 +0000
Subject: [PATCH] Make MAC restrictions clearer

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1059 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-docs/MAC_Validation.xml | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/Shorewall-docs/MAC_Validation.xml b/Shorewall-docs/MAC_Validation.xml
index f161b200d..7af2023af 100644
--- a/Shorewall-docs/MAC_Validation.xml
+++ b/Shorewall-docs/MAC_Validation.xml
@@ -15,14 +15,10 @@
       </author>
     </authorgroup>
 
-    <pubdate>2002-06-30</pubdate>
+    <pubdate>2004-01-06</pubdate>
 
     <copyright>
-      <year>2001</year>
-
-      <year>2002</year>
-
-      <year>2003</year>
+      <year>2001-2004</year>
 
       <holder>Thomas M. Eastep</holder>
     </copyright>
@@ -39,7 +35,15 @@
 
   <para>All traffic from an interface or from a subnet on an interface can be
   verified to originate from a defined set of MAC addresses. Furthermore, each
-  MAC address may be optionally associated with one or more IP addresses.</para>
+  MAC address may be optionally associated with one or more IP addresses. Note
+  that </para>
+
+  <important>
+    <para><emphasis role="bold">MAC addresses are only visible within a
+    ethernet segment so all MAC addresses used in verification must belong to
+    devices physically connected to one of the LANs to which your firewall is
+    connected.</emphasis></para>
+  </important>
 
   <important>
     <para><emphasis role="bold">Your kernel must include MAC match support