firehol-mac man page

firehol-mac — ensure source IP and source MAC address match


mac IP macaddr


Any mac commands will affect all traffic destined for the firewall host, or to be forwarded by the host. They must be declared before the first router or interface.


There is also a mac parameter which allows matching MAC addresses within individual rules (see firehol-params(5)).

The mac helper command DROPs traffic from the IP address that was not sent using the macaddr specified.

When packets are dropped, a log is produced with the label "MAC MISSMATCH" (sic.) . mac obeys the default log limits (see [LOGGING][] in firehol-params(5)).


This command restricts an IP to a particular MAC address. The same MAC address is permitted send traffic with a different IP.


mac    00:01:01:00:00:e6
mac 00:01:01:02:aa:e8

See Also

firehol(1) - FireHOL program
firehol.conf(5) - FireHOL configuration
firehol-params(5) - optional rule parameters
FireHOL Website (
FireHOL Online PDF Manual (
FireHOL Online HTML Manual (


FireHOL Team.

Referenced By


Built 15 Feb 2015 FireHOL Reference 2.0.1