【服务器防护】centos iptables 防火墙设置 mac过滤
1、阻止MAC地址为XX:XX:XX:XX:XX:XX主机的所有通信:
iptables -A INPUT -s 192.168.1.21 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
[!] --mac-source address
Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX. Note that this only makes sense
for packets coming from an Ethernet device and entering the PREROUTING, FORWARD or INPUT chains.
2、可以写脚本限制MAC:
iptables -P FORWARD DROP
for mac in $(cat ipaddressfile); do
iptables -A FORWARD -m mac --mac-source $mac -j ACCEPT
done
3、