maclist - Shorewall MAC Verification file
/etc/shorewall[6]/maclist
This file is used to define the MAC addresses and optionally their
associated IP addresses to be allowed to use the specified interface. The
feature is enabled by using the maclist option in the
shorewall-interfaces[1](5) or shorewall-hosts[2](5)
configuration file.
The columns in the file are as follows (where the column name is
followed by a different name in parentheses, the different name is used in
the alternate specification syntax).
DISPOSITION -
{ACCEPT|DROP|REJECT}[:log-level]
ACCEPT or DROP (if MACLIST_TABLE=filter in
shorewall.conf[3](5), then REJECT is also allowed). If specified, the
log-level causes packets matching the rule to be logged at that
level.
INTERFACE - interface
Network interface to a host.
MAC - address
MAC address of the host -- you do not need to use
the Shorewall format for MAC addresses here. If IP ADDRESSES is
supplied then MAC can be supplied as a dash (-)
IP ADDRESSES (addresses) -
[address[,address]...]
Optional - if specified, both the MAC and IP address must
match. This column can contain a comma-separated list of host and/or subnet
addresses. If your kernel and iptables have iprange match support then IP
address ranges are also allowed. Similarly, if your kernel and iptables
include ipset support than set names (prefixed by "+") are also
allowed.
/etc/shorewall/maclist
/etc/shorewall6/maclist
http://www.shorewall.net/MAC_Validation.html[4]
http://www.shorewall.net/configuration_file_basics.htm#Pairs[5]
shorewall(8)
- 1.
- shorewall-interfaces
http://www.shorewall.org/manpages/shorewall-interfaces.html
- 2.
- shorewall-hosts
http://www.shorewall.org/manpages/shorewall-hosts.html
- 3.
- shorewall.conf
http://www.shorewall.org/manpages/shorewall.conf.html
- 4.
- http://www.shorewall.net/MAC_Validation.html
http://www.shorewall.org/MAC_Validation.html
- 5.
- http://www.shorewall.net/configuration_file_basics.htm#Pairs
http://www.shorewall.org/configuration_file_basics.htm#Pairs