Sophie

Sophie

distrib > Mandriva > mes5 > x86_64 > by-pkgid > 45723c51178a73df679c2a8284d8eeff > files > 151

shorewall-doc-4.0.15-0.2mdvmes5.noarch.rpm

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>shorewall-maclist</title><link rel="stylesheet" href="html.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.73.2" /></head><body><div class="refentry" lang="en" xml:lang="en"><a id="id257171"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>maclist — Shorewall MAC Verification file</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">/etc/shorewall/maclist</code> </p></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257202"></a><h2>Description</h2><p>This file is used to define the MAC addresses and optionally their
    associated IP addresses to be allowed to use the specified interface. The
    feature is enabled by using the <span class="bold"><strong>maclist</strong></span>
    option in the <a class="ulink" href="shorewall-interfaces.html" target="_self">shorewall-interfaces</a>(5) or <a class="ulink" href="shorewall-hosts.html" target="_self">shorewall-hosts</a>(5) configuration
    file.</p><p>The columns in the file are as follows.</p><div class="variablelist"><dl><dt><span class="term"><span class="bold"><strong>DISPOSITION</strong></span> - {<span class="bold"><strong>ACCEPT</strong></span>|<span class="bold"><strong>DROP</strong></span>|<span class="bold"><strong>REJECT</strong></span>}[<code class="option">:</code><em class="replaceable"><code>log-level</code></em>]</span></dt><dd><p><span class="bold"><strong>ACCEPT</strong></span> or <span class="bold"><strong>DROP</strong></span> (if MACLIST_TABLE=filter in <a class="ulink" href="shorewall.conf.html" target="_self">shorewall.conf</a>(5), then REJECT is
          also allowed). If specified, the
          <em class="replaceable"><code>log-level</code></em> causes packets matching the
          rule to be logged at that level.</p></dd><dt><span class="term"><span class="bold"><strong>INTERFACE</strong></span> -
        <span class="emphasis"><em>interface</em></span></span></dt><dd><p>Network <span class="emphasis"><em>interface</em></span> to a host.</p></dd><dt><span class="term"><span class="bold"><strong>MAC</strong></span> -
        <span class="emphasis"><em>address</em></span></span></dt><dd><p>MAC <span class="emphasis"><em>address</em></span> of the host -- you do not
          need to use the Shorewall format for MAC addresses here. If
          <span class="bold"><strong>IP ADDRESSESES</strong></span> is supplied then
          <span class="bold"><strong>MAC</strong></span> can be supplied as a dash
          (<span class="bold"><strong>-</strong></span>)</p></dd><dt><span class="term"><span class="bold"><strong>IP ADDRESSES</strong></span> (Optional) -
        [<span class="emphasis"><em>address</em></span>[<span class="bold"><strong>,</strong></span><span class="emphasis"><em>address</em></span>]...]</span></dt><dd><p>If specified, both the MAC and IP address must match. This
          column can contain a comma-separated list of host and/or subnet
          addresses. If your kernel and iptables have iprange match support
          then IP address ranges are also allowed. Similarly, if your kernel
          and iptables include ipset support than set names (prefixed by "+")
          are also allowed.</p></dd></dl></div></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257387"></a><h2>FILES</h2><p>/etc/shorewall/maclist</p></div><div class="refsect1" lang="en" xml:lang="en"><a id="id257396"></a><h2>See ALSO</h2><p><a class="ulink" href="http://shorewall.net/MAC_Validation.html" target="_self">http://shorewall.net/MAC_Validation.html</a></p><p>shorewall(8), shorewall-accounting(5), shorewall-actions(5),
    shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
    shorewall-ipsec(5), shorewall-masq(5), shorewall-nat(5),
    shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
    shorewall-providers(5), shorewall-proxyarp(5), shorewall-route_routes(5),
    shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
    shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
    shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)</p></div></div></body></html>

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional