Linux Bridge – How to Configure Port Security

Tags: bridge, ethernet, linux, linux-networking, Security

On switches there is a feature called Port Security. Roughly speaking, it allows you to control exactly which MACs can be on a specific switch port. You can restrict it to just one MAC or several, and Ethernet frames from any new device will be blocked.

So is there a way to do it in a Linux bridge?

This post didn't help.

Best Answer

Use the mac iptables match extension.

it allows you to control exactly which MACs can be on a specific switch port. You can restrict it to just one MAC or several, and Ethernet frames from any new device will be blocked.

To simulate that, assuming your bridge interface is br0 and the MAC addresses you want to allow are 00:01:02:03:04:05 and 01:02:03:04:05:06, you can probably use this:

# accept frames arriving on br0 from the two allowed source MACs
iptables -A INPUT -i br0 -m mac --mac-source 00:01:02:03:04:05 -j ACCEPT
iptables -A INPUT -i br0 -m mac --mac-source 01:02:03:04:05:06 -j ACCEPT
# drop everything else arriving on br0
iptables -A INPUT -i br0 -j DROP
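As an added example, not part of the original answer: the rules above match on `-i br0` in INPUT, which only restricts frames addressed to the Linux host itself, while the helper below also restricts frames the bridge switches between its ports, which is what port security on a switch does. It assumes bridge br0 with member port eth1, that br_netfilter is loaded with net.bridge.bridge-nf-call-iptables=1 so iptables sees bridged frames, and that the physdev and mac match extensions are available; it prints the commands for review rather than applying them.

```shell
#!/bin/sh
# Added example (not from the original answer): emulate switch port security
# on a Linux bridge with a per-port MAC allowlist.
# Assumptions: bridge br0 with member port eth1, br_netfilter loaded with
# net.bridge.bridge-nf-call-iptables=1 so iptables sees bridged frames, and
# the physdev and mac match extensions available.
# The function only prints the iptables commands so the rule set can be
# reviewed first; run the output as root to apply it.

# gen_port_rules <bridge> <port> <allowed-mac> [<allowed-mac> ...]
gen_port_rules() {
    bridge=$1
    port=$2
    shift 2
    [ $# -ge 1 ] || { echo "no MAC addresses given for $bridge port $port" >&2; return 1; }
    # Validate every MAC before emitting anything, so a typo fails loudly
    # instead of producing a rule set that quietly allows the wrong thing.
    for mac in "$@"; do
        printf '%s\n' "$mac" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$' \
            || { echo "invalid MAC address: $mac" >&2; return 1; }
    done
    # FORWARD covers frames switched to other ports of the bridge, INPUT covers
    # frames addressed to the host itself; both must be restricted.
    for chain in FORWARD INPUT; do
        for mac in "$@"; do
            echo "iptables -A $chain -m physdev --physdev-in $port -m mac --mac-source $mac -j ACCEPT"
        done
        # Anything else arriving on this port: log it (so an unexpected device
        # shows up in the logs), then drop it.
        echo "iptables -A $chain -m physdev --physdev-in $port -j LOG --log-prefix \"port-sec $port: \""
        echo "iptables -A $chain -m physdev --physdev-in $port -j DROP"
    done
}

# Usage with the two MACs from the answer above:
# gen_port_rules br0 eth1 00:01:02:03:04:05 01:02:03:04:05:06
```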