From f11d10688c42c22b3934c4d186ed90a49feeba49 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Thu, 13 Oct 2005 17:57:30 +0000
Subject: [PATCH] Add MACLIST_TABLE to shorewall.conf documentation

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2871 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-docs2/Documentation.xml | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/Shorewall-docs2/Documentation.xml b/Shorewall-docs2/Documentation.xml
index 4c26c2e97..7da677ce3 100644
--- a/Shorewall-docs2/Documentation.xml
+++ b/Shorewall-docs2/Documentation.xml
@@ -15,7 +15,7 @@
       </author>
     </authorgroup>
 
-    <pubdate>2005-10-01</pubdate>
+    <pubdate>2005-10-13</pubdate>
 
     <copyright>
       <year>2001-2005</year>
@@ -2773,6 +2773,22 @@ eth0                  eth1            206.124.146.176</programlisting>
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term>MACLIST_TABLE</term>
+
+        <listitem>
+          <para>Normally, MAC verification occurs in the filter table (INPUT
+          and FORWARD) chains. When forwarding a packet from an interface with
+          MAC verification to a bridge interface, that doesn't work.</para>
+
+          <para>This problem can be worked around by setting
+          MACLIST_TABLE=mangle which will cause Mac verification to occur out
+          of the PREROUTING chain. Because REJECT isn't available in that
+          environment, you may not specify MACLIST_DISPOSITION=REJECT with
+          MACLIST_TABLE=mangle.</para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term>RFC1918_STRICT</term>