#
# Shorewall -- /etc/shorewall/maclist
#
# For information about entries in this file, type "man shorewall-maclist"
#
# For additional information, see http://shorewall.net/MAC_Validation.html
#
###############################################################################
# 
# This file is used to define the MAC addresses and optionally their associated
# IP addresses to be allowed to use the specified interface. The feature is
# enabled by using the maclist option in the shorewall-interfaces(5) or
# shorewall-hosts(5) configuration file.
# 
# The columns in the file are as follows (where the column name is followed by a
# different name in parentheses, the different name is used in the alternate
# specification syntax).
# 
# DISPOSITION - {ACCEPT|DROP|REJECT}[:log-level]
# 
#     ACCEPT or DROP (if MACLIST_TABLE=filter in shorewall.conf(5), then REJECT
#     is also allowed). If specified, the log-level causes packets matching the
#     rule to be logged at that level.
# 
# INTERFACE - interface
# 
#     Network interface to a host.
# 
# MAC - address
# 
#     MAC address of the host -- you do not need to use the Shorewall format for
#     MAC addresses here. If IP ADDRESSES is supplied then MAC can be supplied as
#     a dash (-)
# 
# IP ADDRESSES (addresses) - [address[,address]...]
# 
#     Optional - if specified, both the MAC and IP address must match. This
#     column can contain a comma-separated list of host and/or subnet addresses.
#     If your kernel and iptables have iprange match support then IP address
#     ranges are also allowed. Similarly, if your kernel and iptables include
#     ipset support than set names (prefixed by "+") are also allowed.
# 
###############################################################################
#DISPOSITION	INTERFACE		MAC			ADDRESSES