On switches there is a feature called Port Security. Roughly speaking, it allows you to control exactly which MACs can be on a specific switch port. You can restrict it to just one MAC or several, and Ethernet frames from some new device will be blocked.
So is there a way to do it in a Linux bridge?
This post didn't help.
Best Answer
Use the mac iptables match extension to simulate that. Assuming your bridge interface is br0, and the MAC addresses you want to allow are 00:01:02:03:04:05 and 01:02:03:04:05:06, you may probably use this:
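An added example, not the answerer's own commands: a shell function that validates an allowlist and prints the matching iptables rules for br0 and the two addresses named in the answer, followed by a default DROP. The function names valid_mac and port_security_rules are hypothetical, and the script assumes bridged frames are being passed to iptables at all (br_netfilter loaded, net.bridge.bridge-nf-call-iptables=1).

```shell
#!/bin/sh
# Added example: emit iptables rules that allowlist source MACs on a bridge.
# Rules are printed, not applied; review the output, then pipe it to sh as root.
# Assumptions: bridged frames only reach iptables when the br_netfilter module
# is loaded and net.bridge.bridge-nf-call-iptables=1. iptables sees IPv4 only,
# so ARP, IPv6 and other non-IPv4 frames are not filtered by these rules.

# valid_mac MAC -> exit 0 if MAC is six colon-separated hex octets
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# port_security_rules BRIDGE MAC [MAC...]
# Prints an ACCEPT rule per allowed MAC, then a DROP for everything else that
# arrives through BRIDGE, for both the INPUT and FORWARD chains.
# Returns 1 and prints no rules on any invalid input, so a typo never yields
# a partial rule set and the output is safe to pipe to a shell.
port_security_rules() {
    bridge=$1
    [ "$#" -ge 2 ] || return 1
    shift
    case $bridge in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid interface: $bridge" >&2; return 1 ;;
    esac
    for mac in "$@"; do
        valid_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    done
    for chain in INPUT FORWARD; do
        for mac in "$@"; do
            echo "iptables -A $chain -i $bridge -m mac --mac-source $mac -j ACCEPT"
        done
        echo "iptables -A $chain -i $bridge -j DROP"
    done
}

# Interface name and addresses as given in the answer above.
port_security_rules br0 00:01:02:03:04:05 01:02:03:04:05:06
```

Matching on -i br0 applies one allowlist to the whole bridge; a source MAC is also trivially changed by the sender, so this limits accidents and casual plug-ins rather than a determined device.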