.\" Automatically generated by Pandoc 2.9.2.1
.nh
.\"
.TH "firehol-mac" "5" "Built 28 Feb 2021" "FireHOL Reference" "3.1.7"
.hy
.SH NAME
.PP
firehol-mac - ensure source IP and source MAC address match
.SH SYNOPSIS
.PP
mac \f[I]IP\f[R] \f[I]macaddr\f[R]
.SH DESCRIPTION
.PP
Any \f[C]mac\f[R] commands will affect all traffic destined for the
firewall host, or to be forwarded by the host.
They must be declared before the first router or interface.
.RS
.PP
\f[B]Note\f[R]
.PP
There is also a \f[C]mac\f[R] parameter which allows matching MAC
addresses within individual rules (see firehol-params(5)).
.RE
.PP
The \f[C]mac\f[R] helper command DROPs traffic from the \f[I]IP\f[R]
address that was not sent using the \f[I]macaddr\f[R] specified.
.PP
When packets are dropped, a log is produced with the label \[lq]MAC
MISSMATCH\[rq] (sic.).
\f[C]mac\f[R] obeys the default log limits (see [LOGGING][] in
firehol-params(5)).
.RS
.PP
\f[B]Note\f[R]
.PP
This command restricts an IP to a particular MAC address.
The same MAC address is permitted send traffic with a different IP.
.RE
.SH EXAMPLES
.IP
.nf
\f[C]
mac 192.0.2.1    00:01:01:00:00:e6
mac 198.51.100.1 00:01:01:02:aa:e8
\f[R]
.fi
.SH SEE ALSO
.IP \[bu] 2
firehol(1) - FireHOL program
.IP \[bu] 2
firehol.conf(5) - FireHOL configuration
.IP \[bu] 2
firehol-params(5) - optional rule parameters
.IP \[bu] 2
FireHOL Website (http://firehol.org/)
.IP \[bu] 2
FireHOL Online PDF Manual (http://firehol.org/firehol-manual.pdf)
.IP \[bu] 2
FireHOL Online Documentation (http://firehol.org/documentation/)
.SH AUTHORS
FireHOL Team.