Is there a way to configure port security on Linux bridge?
Solution 1:
Use the mac iptables match extension.
It allows you to control exactly which MACs can be on a specific switch port. You can restrict it to just one MAC or several, and Ethernet frames from any new device will be blocked.
To simulate that, assuming your bridge interface is br0, and the MAC addresses you want to allow are 00:01:02:03:04:05 and 01:02:03:04:05:06, you can probably use this:
# accept frames arriving via br0 from each permitted source MAC
iptables -A INPUT -i br0 -m mac --mac-source 00:01:02:03:04:05 -j ACCEPT
iptables -A INPUT -i br0 -m mac --mac-source 01:02:03:04:05:06 -j ACCEPT
# everything else that arrives via br0 is dropped
iptables -A INPUT -i br0 -j DROP
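One caveat a practitioner hits with the rules above: the iptables INPUT chain only sees frames addressed to the host itself. Frames that the bridge forwards from one port to another go through the FORWARD path, and iptables sees them there only when br_netfilter is loaded and net.bridge.bridge-nf-call-iptables=1 (then you match the physical port with `-m physdev --physdev-in eth1`). The layer-2 way to do this is the bridge family of nftables (the successor of ebtables), where `iifname` is the individual bridge port rather than br0. The script below is an added example, not part of the answer above: it generates an nftables bridge-family ruleset that pins one port to a fixed list of MACs in both the forward and input hooks, and prints it so it can be reviewed (or loaded with `nft -f -`). The names br0 and eth1, the table name and the MAC list are placeholders.

```shell
#!/bin/sh
# Added example: generate (not apply) an nftables bridge-family ruleset that
# implements MAC-based port security for one bridge port.
# Assumed names: bridge "br0", bridge port "eth1"; MACs are placeholders.
#
# In the bridge family, "iifname" is the physical bridge port a frame entered
# on, so the rules bind MACs to that port. The forward hook covers frames the
# bridge switches between ports; the input hook covers frames delivered to
# the host itself (the only ones the iptables INPUT rules above would see).

# gen_port_security_ruleset BRIDGE PORT MAC1 [MAC2 ...]
# Prints an nft ruleset on stdout. Returns 1 if no MAC was given, because a
# port with an empty allow list would simply drop everything.
gen_port_security_ruleset() {
    bridge=$1
    port=$2
    shift 2
    if [ $# -lt 1 ]; then
        echo "gen_port_security_ruleset: at least one MAC is required" >&2
        return 1
    fi
    # Build the anonymous set body "mac1, mac2, ..." (strip the trailing ", ").
    macs=$(printf '%s, ' "$@")
    macs=${macs%, }
    cat <<EOF
table bridge portsec_${bridge} {
    chain forward {
        type filter hook forward priority 0; policy accept;
        iifname "${port}" ether saddr { ${macs} } accept
        iifname "${port}" drop
    }
    chain input {
        type filter hook input priority 0; policy accept;
        iifname "${port}" ether saddr { ${macs} } accept
        iifname "${port}" drop
    }
}
EOF
}

# count_drop_rules BRIDGE PORT MAC...
# Helper for sanity checks: number of per-port drop rules in the generated set
# (one per hook, so 2 for a correct ruleset).
count_drop_rules() {
    gen_port_security_ruleset "$@" | grep -c "iifname \"$2\" drop\$"
}

# Demo: print the ruleset for br0 port eth1 with two permitted MACs.
# To apply it instead:  gen_port_security_ruleset br0 eth1 <macs> | nft -f -
gen_port_security_ruleset br0 eth1 00:01:02:03:04:05 01:02:03:04:05:06
```

Because the policy is `accept` and the drop is scoped to `iifname "eth1"`, other bridge ports are unaffected; repeat the two rules per port you want to lock down, or add a second table for another bridge. Note that this only pins source MACs, exactly like the iptables rules above; it does not stop a permitted device from spoofing another allowed address.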