Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

shorewall6-maclist(5) [debian man page]

SHOREWALL6-MACLIST(5)						  [FIXME: manual]					     SHOREWALL6-MACLIST(5)

NAME

       maclist - shorewall6 MAC Verification file

SYNOPSIS

       /etc/shorewall6/maclist

DESCRIPTION

       This file is used to define the MAC addresses and optionally their associated IPv6 addresses to be allowed to use the specified interface.
       The feature is enabled by using the maclist option in the shorewall6-interfaces[1](5) or shorewall6-hosts[2](5) configuration file.

       The columns in the file are as follows.

       DISPOSITION - {ACCEPT|DROP|REJECT}[:log-level]
	   ACCEPT or DROP (if MACLIST_TABLE=filter in shorewall6.conf[3](5), then REJECT is also allowed). If specified, the log-level causes
	   packets matching the rule to be logged at that level.

       INTERFACE - interface
	   Network interface to a host.

       MAC - address
	   MAC address of the host -- you do not need to use the shorewall6 format for MAC addresses here. If IP ADDRESSESES is supplied then MAC
	   can be supplied as a dash (-)

       IP ADDRESSES (Optional) - [address[,address]...]
	   If specified, both the MAC and IP address must match. This column can contain a comma-separated list of host and/or subnet addresses.
	   If your kernel and ip6tables have iprange match support then IP address ranges are also allowed. Similarly, if your kernel and
	   ip6tables include ipset support than set names (prefixed by "+") are also allowed.

FILES

       /etc/shorewall6/maclist

SEE ALSO

       http://shorewall.net/MAC_Validation.html

       http://shorewall.net/configuration_file_basics.htm#Pairs

       shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
       shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5),
       shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5),
       shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)

NOTES

	1. shorewall6-interfaces
	   http://www.shorewall.net/manpages6/shorewall6-interfaces.html

	2. shorewall6-hosts
	   http://www.shorewall.net/manpages6/shorewall6-hosts.html

	3. shorewall6.conf
	   http://www.shorewall.net/manpages6/shorewall6.conf.html

[FIXME: source] 						    06/28/2012						     SHOREWALL6-MACLIST(5)

Check Out this Related Man Page

SHOREWALL6-EXCLUSIO(5)						  [FIXME: manual]					    SHOREWALL6-EXCLUSIO(5)

NAME

       exclusion - Exclude a set of hosts from a definition in a shorewall6 configuration file.

SYNOPSIS

       !address-or-range[,address-or-range]...

       !zone-name[,zone-name]...

DESCRIPTION

       Exclusion is used when you wish to exclude one or more addresses from a definition. An exclaimation point is followed by a comma-separated
       list of addresses. The addresses may be single host addresses (e.g., fe80::2a0:ccff:fedb:31c4) or they may be network addresses in CIDR
       format (e.g., fe80::2a0:ccff:fedb:31c4/64). If your kernel and ip6tables include iprange support, you may also specify ranges of ip
       addresses of the form lowaddress-highaddress

       No embedded whitespace is allowed.

       Exclusion can appear after a list of addresses and/or address ranges. In that case, the final list of address is formed by taking the first
       list and then removing the addresses defined in the exclusion.

       Beginning in Shorewall 4.4.13, the second form of exclusion is allowed after all and any in the SOURCE and DEST columns of
       /etc/shorewall/rules. It allows you to omit arbitrary zones from the list generated by those key words.

	   Warning
	   If you omit a sub-zone and there is an explicit or explicit CONTINUE policy, a connection to/from that zone can still be matched by the
	   rule generated for a parent zone.

	   For example:

	   /etc/shorewall6/zones:

	       #ZONE	      TYPE
	       z1	      ip
	       z2:z1	      ip
	       ...

	   /etc/shorewall6/policy:

	       #SOURCE	       DEST	     POLICY
	       z1	       net	     CONTINUE
	       z2	       net	     REJECT

	   /etc/shorewall6/rules:

	       #ACTION	       SOURCE	     DEST	 PROTO	       DEST
	       #						       PORT(S)
	       ACCEPT	       all!z2	     net	 tcp	       22

	   In this case, SSH connections from z2 to net will be accepted by the generated z1 to net ACCEPT rule.

FILES

       /etc/shorewall6/hosts

       /etc/shorewall6/masq

       /etc/shorewall6/rules

       /etc/shorewall6/tcrules

SEE ALSO

       shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
       shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5),
       shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5),
       shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-tunnels(5), shorewall-zones(5)

[FIXME: source] 						    06/28/2012						    SHOREWALL6-EXCLUSIO(5)
Man Page