Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

shorewall6-maclist(5) [debian man page]

SHOREWALL6-MACLIST(5)						  [FIXME: manual]					     SHOREWALL6-MACLIST(5)

NAME

       maclist - shorewall6 MAC Verification file

SYNOPSIS

       /etc/shorewall6/maclist

DESCRIPTION

       This file is used to define the MAC addresses and optionally their associated IPv6 addresses to be allowed to use the specified interface.
       The feature is enabled by using the maclist option in the shorewall6-interfaces[1](5) or shorewall6-hosts[2](5) configuration file.

       The columns in the file are as follows.

       DISPOSITION - {ACCEPT|DROP|REJECT}[:log-level]
	   ACCEPT or DROP (if MACLIST_TABLE=filter in shorewall6.conf[3](5), then REJECT is also allowed). If specified, the log-level causes
	   packets matching the rule to be logged at that level.

       INTERFACE - interface
	   Network interface to a host.

       MAC - address
	   MAC address of the host -- you do not need to use the shorewall6 format for MAC addresses here. If IP ADDRESSESES is supplied then MAC
	   can be supplied as a dash (-)

       IP ADDRESSES (Optional) - [address[,address]...]
	   If specified, both the MAC and IP address must match. This column can contain a comma-separated list of host and/or subnet addresses.
	   If your kernel and ip6tables have iprange match support then IP address ranges are also allowed. Similarly, if your kernel and
	   ip6tables include ipset support than set names (prefixed by "+") are also allowed.

FILES

       /etc/shorewall6/maclist

SEE ALSO

       http://shorewall.net/MAC_Validation.html

       http://shorewall.net/configuration_file_basics.htm#Pairs

       shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
       shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5),
       shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5),
       shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)

NOTES

	1. shorewall6-interfaces
	   http://www.shorewall.net/manpages6/shorewall6-interfaces.html

	2. shorewall6-hosts
	   http://www.shorewall.net/manpages6/shorewall6-hosts.html

	3. shorewall6.conf
	   http://www.shorewall.net/manpages6/shorewall6.conf.html

[FIXME: source] 						    06/28/2012						     SHOREWALL6-MACLIST(5)

Check Out this Related Man Page

SHOREWALL-IPSETS(5)						  [FIXME: manual]					       SHOREWALL-IPSETS(5)

NAME

       ipsets - Specifying the name if an ipset in Shorewall6 configuration files

SYNOPSIS

       +ipsetname

       +ipsetname[flag,...]

       +[ipsetname,...]

DESCRIPTION

       Note: In the above syntax descriptions, the square brackets ("[]") are to be taken literally rather than as meta-characters.

       In most places where a network address may be entered, an ipset may be substituted. Set names must be prefixed by the character "+", must
       start with a letter and may be composed of alphanumeric characters, "-" and "_".

       Whether the set is matched against the packet source or destination is determined by which column the set name appears (SOURCE or DEST).
       For those set types that specify a tupple, two alternative syntaxes are available:
	   [number] - Indicates that 'src' or
		 'dst' should repleated number times. Example: myset[2].
	   [flag,...] where
		 flag is src or
		 dst. Example: myset[src,dst].

       In a SOURCE column, the following pairs are equivalent:

       o   +myset[2] and +myset[src,src]

       In a DEST column, the following paris are equivalent:

       o   +myset[2] and +myset[dst,dst]

       Beginning with Shorewall 4.4.14, multiple source or destination matches may be specified by enclosing the set names within +[...]. The set
       names need not be prefixed with '+'. When such a list of sets is specified, matching packets must match all of the listed sets.

       For information about set lists and exclusion, see shorewall-exclusion[1] (5).

EXAMPLES

       +myset

       +myset[src]

       +myset[2]

       +[myset1,myset2[dst]]

FILES

       /etc/shorewall6/accounting

       /etc/shorewall6/blacklist

       /etc/shorewall6/hosts -- Note: Multiple matches enclosed in +[...] may not be used in this file.

       /etc/shorewall6/maclist -- Note: Multiple matches enclosed in +[...] may not be used in this file.

       /etc/shorewall6/rules

       /etc/shorewall6/secmarks

       /etc/shorewall6/tcrules

SEE ALSO

       shorewall6(8), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5),
       shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5),
       shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5),
       shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)

NOTES

	1. shorewall-exclusion
	   http://www.shorewall.net/manpages6/shorewall-exclusion.html

[FIXME: source] 						    06/28/2012						       SHOREWALL-IPSETS(5)
Man Page