# Straight rule
iptables -I INPUT -m mac --mac-source 00:50:BA:56:CB:3A -j DROP

	# source MAC matches
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.2 192.168.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 MAC=00:50:BA:56:CB:3A 192.168.0.2 192.168.0.1 0 6 1 2 SYN

	# source MAC doesn't
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.2 192.168.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 MAC=00:A0:C9:5A:94:EF 192.168.0.2 192.168.0.1 0 6 1 2 SYN

iptables -D INPUT -m mac --mac-source 00:50:BA:56:CB:3A -j DROP

# Inverted rule
iptables -I INPUT -m mac ! --mac-source 00:50:BA:56:CB:3A -j DROP

	# source MAC matches
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_ACCEPT {IPv4 192.168.0.2 192.168.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 MAC=00:50:BA:56:CB:3A 192.168.0.2 192.168.0.1 0 6 1 2 SYN

	# source MAC doesn't
expect gen_ip hook:NF_IP_LOCAL_IN iptable_filter NF_DROP {IPv4 192.168.0.2 192.168.0.1 0 6 1 2 SYN}
gen_ip IF=eth0 MAC=00:A0:C9:5A:94:EF 192.168.0.2 192.168.0.1 0 6 1 2 SYN

iptables -D INPUT -m mac ! --mac-source 00:50:BA:56:CB:3A -j DROP