1shorewall-maclist(5)                                      shorewall-maclist(5)
2
3
4

NAME

6       maclist - Shorewall MAC Verification file
7

SYNOPSIS

9       /etc/shorewall/maclist
10

DESCRIPTION

12       This  file is used to define the MAC addresses and optionally their as‐
13       sociated IP addresses to be allowed to use the specified interface. The
14       feature is enabled by using the maclist option in the shorewall-inter‐
15       faces ⟨shorewall-interfaces.html⟩ (5) or shorewall-hosts
16       ⟨shorewall-hosts.html⟩ (5) configuration file.
17
18       The columns in the file are as follows.
19
20       DISPOSITION — {ACCEPT|DROP|REJECT}[:log-level]
21              ACCEPT or DROP (if MACLIST_TABLE=filter in shorewall.conf
22              ⟨shorewall.conf.html⟩ (5), then  REJECT  is  also  allowed).  If
23              specified,  the log-level causes packets matching the rule to be
24              logged at that level.
25
26       INTERFACE — interface
27              Network interface to a host.
28
29       MAC — address
30              MAC address of the host -- you do not need to use the  Shorewall
31              format  for  MAC  addresses  here. If IP ADDRESSESES is supplied
32              then MAC can be supplied as a dash (-)
33
34       IP ADDRESSES (Optional) — [address[,address]...]
35              If specified, both the MAC and IP address must match. This  col‐
36              umn can contain a comma-separated list of host and/or subnet ad‐
37              dresses. If your kernel and iptables have iprange match  support
38              then IP address ranges are also allowed. Similarly, if your ker‐
39              nel and iptables include ipset support than set names  (prefixed
40              by "+") are also allowed.
41

FILES

43       /etc/shorewall/maclist
44

SEE ALSO

46       ⟨http://shorewall.net/MAC_Validation.html⟩
47
48       shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-
49       blacklist(5), shorewall-hosts(5),  shorewall-interfaces(5),  shorewall-
50       ipsec(5),   shorewall-masq(5),  shorewall-nat(5),  shorewall-netmap(5),
51       shorewall-params(5),    shorewall-policy(5),    shorewall-providers(5),
52       shorewall-proxyarp(5),       shorewall-route_routes(5),      shorewall-
53       routestopped(5), shorewall-rules(5),  shorewall.conf(5),  shorewall-tc‐
54       classes(5),  shorewall-tcdevices(5),  shorewall-tcrules(5),  shorewall-
55       tos(5), shorewall-tunnels(5), shorewall-zones(5)
56
57
58
59                                  19 May 2008             shorewall-maclist(5)