Is there a way to configure port security on Linux bridge?

security linux ethernet linux-networking bridge

Solution 1:

use mac iptables match extension.

it allows to control, which exactly MAC's can be on the specific switch port. You can restrict it to just one MAC or several, and Ethernet frames from some new device will be blocked.

to simulate that, assuming your bridge interface is br0, and MAC addresses you want to allow are 00:01:02:03:04:05 and 01:02:03:04:05:06, you may probably use this:

iptables -A INPUT -i br0 -m mac --mac-source 00:01:02:03:04:05 -j ACCEPT
iptables -A INPUT -i br0 -m mac --mac-source 01:02:03:04:05:06 -j ACCEPT
iptables -A INPUT -i br0 -j DROP

Related

Nginx http not redirecting to https
Ubuntu + Nginx 127.0.0.1 works but localhost doesn't
Strongswan IPSec Configuration on a VPS
Using a part of the URI as a port number for nginx proxy_pass directive
Different ways of adding to Dictionary
List Highest Correlation Pairs from a Large Correlation Matrix in Pandas?
Python os.path.join() on a list
How to retrieve Request Payload
How to read files from resources folder in Scala?
Undo git reset --hard with uncommitted files in the staging area
How to send and retrieve parameters using $state.go toParams and $stateParams?
Change directory in PowerShell