On Wed, 19 Mar 2003, Remco Barendse wrote:
> I'm a bit lost here about the use of the maclist option.
>
> I want to deny some machines on the net access based on their mac address.
> These are local machines that can change ip fairly easily and therefore ip
> only is not very reliable.
>
> I'm not sure what the maclist is for however? Is it used only to link an
> ip together with a mac address or can it be used to white/blacklist as
> well?
>
The maclist is used to enforce MAC<->IPAddr correspondence or to restrict
the set of MAC addresses that are usable through a particular interface
or network.
You want to use the blacklist option, then list the MAC addresses that you
wish to deny in /etc/shorewall/blacklist. These MAC addresses must be
expressed in Shorewall format (see
http://www.shorewall.net/configuration_file_basics.htm#MAC).
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://shorewall.sf.net
Washington USA \ teastep@shorewall.net
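
The reply above says blacklist entries must use Shorewall's MAC notation, which is a tilde followed by six hyphen-separated hex bytes (for example ~00-A0-C9-15-39-78). The script below is an added example, not part of the original post or of Shorewall: it converts MACs in the colon, hyphen or dotted forms that tools like arp print into that notation and refuses malformed input. The function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample MACs are constructed.

# to_shorewall_mac MAC
# Accepts aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb.ccdd.eeff (a leading
# "~" is tolerated) and prints ~AA-BB-CC-DD-EE-FF. Returns 1 on anything else.
to_shorewall_mac() {
    norm=$(printf '%s' "$1" | tr 'abcdef' 'ABCDEF')
    norm=${norm#"~"}
    if printf '%s\n' "$norm" | grep -Eq '^([0-9A-F]{2}[:-]){5}[0-9A-F]{2}$' ||
       printf '%s\n' "$norm" | grep -Eq '^([0-9A-F]{4}\.){2}[0-9A-F]{4}$'; then
        hex=$(printf '%s' "$norm" | tr -d ':.-')
    else
        return 1
    fi
    # Re-insert a hyphen after every byte, then drop the trailing one.
    printf '~%s\n' "$(printf '%s\n' "$hex" | sed 's/../&-/g; s/-$//')"
}

# make_blacklist < list
# Reads one MAC per line (blank lines and "#" comments are ignored), prints
# de-duplicated blacklist entries on stdout and rejected lines on stderr.
# Returns 1 if any line was rejected, so a bad list is never installed silently.
make_blacklist() {
    rc=0; seen=" "
    while IFS= read -r line || [ -n "$line" ]; do
        mac=${line%%#*}                              # drop trailing comment
        mac=$(printf '%s' "$mac" | tr -d ' \t\r')    # drop whitespace
        [ -n "$mac" ] || continue
        if entry=$(to_shorewall_mac "$mac"); then
            case "$seen" in *" $entry "*) continue ;; esac
            seen="$seen$entry "
            printf '%s\n' "$entry"
        else
            printf 'rejected: %s\n' "$line" >&2
            rc=1
        fi
    done
    return $rc
}

# Demo on a constructed list; prints two entries (the duplicate is dropped).
make_blacklist <<'EOF'
# machines to deny (constructed sample data)
00:a0:c9:15:39:78   # written with colons
00-A0-C9-15-39-78   # same host, hyphen form
0002.b3aa.10ff      # dotted form
EOF
```

Review the output before appending it to /etc/shorewall/blacklist; a non-zero exit status means at least one input line was not a valid 48-bit MAC.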