【服务器防护】centos iptables 防火墙设置 mac过滤

 

1、阻止MAC地址为XX:XX:XX:XX:XX:XX主机的所有通信：

iptables -A INPUT -s 192.168.1.21 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT

[!] --mac-source address
Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX. Note that this only makes sense
for packets coming from an Ethernet device and entering the PREROUTING, FORWARD or INPUT chains.

 

2、可以写脚本限制MAC：

iptables -P FORWARD DROP

for mac in $(cat ipaddressfile); do

iptables -A FORWARD -m mac --mac-source $mac -j ACCEPT

done 

 

3、