Keep me in CC. I'd like to request that the mac match not be allowed in the FORWARD chain as it does not function the way that some may think. The tests I've performed indicate that the match will match the MAC address of the transmitting interface (not what one would expect if attempting to allow based on the mac address of the sender and blocking all other packets) I'd like to hear comments about this. If it is not fesable to do this, I'd recommend adding text to the man page so that others do not fall into the same problem I did. I have already worked around this problem in my setup. -- Lab tests show that use of micro$oft causes cancer in lab animals Got Gas???
