【服务器防护】centos iptables 防火墙设置 mac过滤

 

1、阻止MAC地址为XX:XX:XX:XX:XX:XX主机的所有通信:

iptables -A INPUT -s 192.168.1.21 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT

[!] --mac-source address
Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX. Note that this only makes sense
for packets coming from an Ethernet device and entering the PREROUTING, FORWARD or INPUT chains.

 

2、可以写脚本限制MAC:

iptables -P FORWARD DROP

for mac in $(cat ipaddressfile); do

iptables -A FORWARD -m mac --mac-source $mac -j ACCEPT

done 

 

3、

posted @ 2015-12-16 18:08  NewLife365  阅读(1876)  评论(0编辑  收藏  举报