Shorewall users - Mar 2003 - Blacklisting on mac address only

I''m a bit lost here about the use of the maclist option.

I want to deny some machines on the net access based on their mac address. 
These are local machines that can change ip fairly easy and therefore ip 
only is not very reliable.

I''m not sure what the maclist is for however? Is it used only to link
an
ip together with a mac address or can it be used to white/blacklist as 
well?


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

On Wed, 19 Mar 2003, Remco Barendse wrote:
> I''m a bit lost here about the use of the maclist option.
> 
> I want to deny some machines on the net access based on their mac address. 
> These are local machines that can change ip fairly easy and therefore ip 
> only is not very reliable.
> 
> I''m not sure what the maclist is for however? Is it used only to
link an
> ip together with a mac address or can it be used to white/blacklist as 
> well?
> 
The maclist is used to enforce MAC<->IPAddr correspondence or to restrict 
the set of MAC addresses that are usable through a particular interface 
or network.

You want to use the blacklist option then list the MAC addresses that you 
wish to deny in /etc/shorewall/blacklist. These MAC addresses must be 
expressed in Shorewall format (see 
http://www.shorewall.net/configuration_file_basics.htm#MAC).


-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.sf.net
Washington USA  \ teastep@shorewall.net