maclist — Shorewall MAC Verification file
/etc/shorewall/maclist
This file is used to define the MAC addresses and optionally their associated IP addresses to be allowed to use the specified interface. The feature is enabled by using the maclist option in the shorewall-interfaces(5) or shorewall-hosts(5) configuration file.
The columns in the file are as follows.
:
log-level
]ACCEPT or DROP (if MACLIST_TABLE=filter in shorewall.conf(5), then REJECT is
also allowed). If specified, the
log-level
causes packets matching the
rule to be logged at that level.
Network interface to a host. If the interface names a bridge, it may be optionally followed by a colon (":") and a physical port name (e.g., br0:eth4).
MAC address of the host -- you do not need to use the Shorewall format for MAC addresses here. If IP ADDRESSESES is supplied then MAC can be supplied as a dash (-)
If specified, both the MAC and IP address must match. This column can contain a comma-separated list of host and/or subnet addresses. If your kernel and iptables have iprange match support then IP address ranges are also allowed. Similarly, if your kernel and iptables include ipset support than set names (prefixed by "+") are also allowed.
http://shorewall.net/MAC_Validation.html
shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5), shorewall-ipsec(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-route_routes(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)