.\" Automatically generated by Pandoc 1.17.2
.nh
.\"
.TH "firehol\-mac" "5" "Built 21 Jan 2017" "FireHOL Reference" "3.1.1"
.hy
.SH NAME
.PP
firehol\-mac \- ensure source IP and source MAC address match
.SH SYNOPSIS
.PP
mac \f[I]IP\f[] \f[I]macaddr\f[]
.SH DESCRIPTION
.PP
Any \f[C]mac\f[] commands will affect all traffic destined for the
firewall host, or to be forwarded by the host.
They must be declared before the first router or interface.
.RS
.PP
\f[B]Note\f[]
.PP
There is also a \f[C]mac\f[] parameter which allows matching MAC
addresses within individual rules (see
firehol\-params(5)).
.RE
.PP
The \f[C]mac\f[] helper command DROPs traffic from the \f[I]IP\f[]
address that was not sent using the \f[I]macaddr\f[] specified.
.PP
When packets are dropped, a log is produced with the label "MAC
MISSMATCH" (sic.).
\f[C]mac\f[] obeys the default log limits (see [LOGGING][] in
firehol\-params(5)).
.RS
.PP
\f[B]Note\f[]
.PP
This command restricts an IP to a particular MAC address.
The same MAC address is permitted send traffic with a different IP.
.RE
.SH EXAMPLES
.IP
.nf
\f[C]
mac\ 192.0.2.1\ \ \ \ 00:01:01:00:00:e6
mac\ 198.51.100.1\ 00:01:01:02:aa:e8
\f[]
.fi
.SH SEE ALSO
.IP \[bu] 2
firehol(1) \- FireHOL program
.IP \[bu] 2
firehol.conf(5) \- FireHOL configuration
.IP \[bu] 2
firehol\-params(5) \- optional rule parameters
.IP \[bu] 2
FireHOL Website (http://firehol.org/)
.IP \[bu] 2
FireHOL Online PDF Manual (http://firehol.org/firehol-manual.pdf)
.IP \[bu] 2
FireHOL Online Documentation (http://firehol.org/documentation/)
.SH AUTHORS
FireHOL Team.