shorewall6-maclist (5) - Linux Manuals

shorewall6-maclist: shorewall6 MAC Verification file

NAME

maclist - shorewall6 MAC Verification file

SYNOPSIS

/etc/shorewall6/maclist

DESCRIPTION

This file is used to define the MAC addresses and optionally their associated IPv6 addresses to be allowed to use the specified interface. The feature is enabled by using the maclist option in the m[blue]shorewall6-interfacesm[][1](5) or m[blue]shorewall6-hostsm[][2](5) configuration file.

The columns in the file are as follows.

DISPOSITION - {ACCEPT|DROP|REJECT}[:log-level]

ACCEPT or DROP (if MACLIST_TABLE=filter in m[blue]shorewall6.confm[][3](5), then REJECT is also allowed). If specified, the log-level causes packets matching the rule to be logged at that level.

INTERFACE - interface

Network interface to a host.

MAC - address

MAC address of the host -- you do not need to use the shorewall6 format for MAC addresses here. If IP ADDRESSES is supplied then MAC can be supplied as a dash (-)

IP ADDRESSES (Optional) - [address[,address]...]

If specified, both the MAC and IP address must match. This column can contain a comma-separated list of host and/or subnet addresses. If your kernel and ip6tables have iprange match support then IP address ranges are also allowed. Similarly, if your kernel and ip6tables include ipset support than set names (prefixed by "+") are also allowed.

FILES

/etc/shorewall6/maclist

NOTES

1.
shorewall6-interfaces
http://www.shorewall.net/manpages6/shorewall6-interfaces.html
2.
shorewall6-hosts
http://www.shorewall.net/manpages6/shorewall6-hosts.html
3.
shorewall6.conf
http://www.shorewall.net/manpages6/shorewall6.conf.html
4.
http://www.shorewall.net/MAC_Validation.html
http://www.shorewall.net/MAC_Validation.html
5.
http://www.shorewall.net/configuration_file_basics.htm#Pairs
http://www.shorewall.net/configuration_file_basics.htm#Pairs