'\" t .\" Title: shorewall-maclist .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 03/16/2017 .\" Manual: Configuration Files .\" Source: Configuration Files .\" Language: English .\" .TH "SHOREWALL\-MACLIST" "5" "03/16/2017" "Configuration Files" "Configuration Files" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" maclist \- Shorewall MAC Verification file .SH "SYNOPSIS" .HP \w'\fB/etc/shorewall/maclist\fR\ 'u \fB/etc/shorewall/maclist\fR .SH "DESCRIPTION" .PP This file is used to define the MAC addresses and optionally their associated IP addresses to be allowed to use the specified interface\&. The feature is enabled by using the \fBmaclist\fR option in the \m[blue]\fBshorewall\-interfaces\fR\m[]\&\s-2\u[1]\d\s+2(5) or \m[blue]\fBshorewall\-hosts\fR\m[]\&\s-2\u[2]\d\s+2(5) configuration file\&. .PP The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in the alternate specification syntax)\&. .PP \fBDISPOSITION\fR \- {\fBACCEPT\fR|\fBDROP\fR|\fBREJECT\fR}[\fB:\fR\fIlog\-level\fR] .RS 4 \fBACCEPT\fR or \fBDROP\fR (if MACLIST_TABLE=filter in \m[blue]\fBshorewall\&.conf\fR\m[]\&\s-2\u[3]\d\s+2(5), then REJECT is also allowed)\&. If specified, the \fIlog\-level\fR causes packets matching the rule to be logged at that level\&. .RE .PP \fBINTERFACE\fR \- \fIinterface\fR .RS 4 Network \fIinterface\fR to a host\&. .RE .PP \fBMAC\fR \- \fIaddress\fR .RS 4 MAC \fIaddress\fR of the host \-\- you do not need to use the Shorewall format for MAC addresses here\&. If \fBIP ADDRESSES\fR is supplied then \fBMAC\fR can be supplied as a dash (\fB\-\fR) .RE .PP \fBIP ADDRESSES\fR (addresses) \- [\fIaddress\fR[\fB,\fR\fIaddress\fR]\&.\&.\&.] .RS 4 Optional \- if specified, both the MAC and IP address must match\&. This column can contain a comma\-separated list of host and/or subnet addresses\&. If your kernel and iptables have iprange match support then IP address ranges are also allowed\&. Similarly, if your kernel and iptables include ipset support than set names (prefixed by "+") are also allowed\&. .RE .SH "FILES" .PP /etc/shorewall/maclist .SH "SEE ALSO" .PP \m[blue]\fBhttp://www\&.shorewall\&.net/MAC_Validation\&.html\fR\m[]\&\s-2\u[4]\d\s+2 .PP \m[blue]\fBhttp://www\&.shorewall\&.net/configuration_file_basics\&.htm#Pairs\fR\m[]\&\s-2\u[5]\d\s+2 .PP shorewall(8), shorewall\-accounting(5), shorewall\-actions(5), shorewall\-blacklist(5), shorewall\-hosts(5), shorewall_interfaces(5), shorewall\-ipsets(5), shorewall\-masq(5), shorewall\-nat(5), shorewall\-netmap(5), shorewall\-params(5), shorewall\-policy(5), shorewall\-providers(5), shorewall\-proxyarp(5), shorewall\-rtrules(5), shorewall\-routestopped(5), shorewall\-rules(5), shorewall\&.conf(5), shorewall\-secmarks(5), shorewall\-tcclasses(5), shorewall\-tcdevices(5), shorewall\-mangle(5), shorewall\-tos(5), shorewall\-tunnels(5), shorewall\-zones(5) .SH "NOTES" .IP " 1." 4 shorewall-interfaces .RS 4 \%http://www.shorewall.net/manpages/shorewall-interfaces.html .RE .IP " 2." 4 shorewall-hosts .RS 4 \%http://www.shorewall.net/manpages/shorewall-hosts.html .RE .IP " 3." 4 shorewall.conf .RS 4 \%http://www.shorewall.net/manpages/shorewall.conf.html .RE .IP " 4." 4 http://www.shorewall.net/MAC_Validation.html .RS 4 \%http://www.shorewall.net/MAC_Validation.html .RE .IP " 5." 4 http://www.shorewall.net/configuration_file_basics.htm#Pairs .RS 4 \%http://www.shorewall.net/configuration_file_basics.htm#Pairs .RE