On Thu, Oct 10, 2019 at 6:37 PM Tom Eastep <teas...@shorewall.net> wrote:

> > This other rule seems to work:
> >
> > ACCEPT                  lan12,lan13:~00-E3-C0-5F-81-5D
> >        soc,s100                        all
> MAC addresses may only be used in the SOURCE column -- a careful reading
> of shorewall-rules(5) should make that clear.

In my previous examples, I've always used the MAC addresses only in
the SOURCE column.

One of my examples was:
ACCEPT $FW:~00-E3-C0-5F-81-5D  soc,s100   all

The MAC addr. is in the SOURCE column.
However, I'm getting this error from "shorewall check":

ERROR: A MAC address(~00-E3-C0-5F-81-5D) cannot be used in this context

Replacing $FW with 'all' yields the same error (in the SOURCE column).

Using any other zone does not produce this error message.


Shorewall-users mailing list

Reply via email to