Score:0

Is there a way to configure port security on Linux bridge?


Switches have a feature called Port Security. Roughly speaking, it lets you control exactly which MACs can be on a specific switch port. You can restrict it to just one MAC or several, and Ethernet frames from some new device will be blocked.

So is there a way to do it in Linux bridge?

This post didn't help.

Score:3

Use the mac iptables match extension.

it allows to control, which exactly MAC's can be on the specific switch port. You can restrict it to just one MAC or several, and Ethernet frames from some new device will be blocked.

To simulate that, assuming your bridge interface is br0 and the MAC addresses you want to allow are 00:01:02:03:04:05 and 01:02:03:04:05:06, you may probably use this:

iptables -A INPUT -i br0 -m mac --mac-source 00:01:02:03:04:05 -j ACCEPT
iptables -A INPUT -i br0 -m mac --mac-source 01:02:03:04:05:06 -j ACCEPT
iptables -A INPUT -i br0 -j DROP
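
As an added example (not part of the answer above and not code from any project): a POSIX shell generator for an nftables bridge-family ruleset that ties each MAC allow list to the bridge port a frame arrives on, which is the per-port restriction the question describes. The port names eth1 and eth2 and the table name portsec are assumptions; the MAC addresses are the ones used in the answer.

```shell
#!/bin/sh
# Added example, not from the page. Port names and table name are assumptions.
# Variables are global because POSIX sh has no "local".

# is_mac ADDR: succeed if ADDR is six colon-separated hex octets.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# port_security_rules PORT=MAC[,MAC...] ...
# Print an nftables ruleset; return 1 and print no rules on malformed input.
port_security_rules() {
    rules=""
    for spec in "$@"; do
        case $spec in
            ?*=?*) ;;
            *) echo "bad spec: $spec" >&2; return 1 ;;
        esac
        port=${spec%%=*}
        # The port name is quoted into the ruleset, so keep it to safe characters.
        case $port in
            *[!A-Za-z0-9_.-]*) echo "bad port name: $port" >&2; return 1 ;;
        esac
        allowed=""
        for mac in $(printf '%s' "${spec#*=}" | tr ',' ' '); do
            is_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
            allowed="${allowed:+$allowed, }$mac"
        done
        [ -n "$allowed" ] || { echo "no MACs for $port" >&2; return 1; }
        # Drop (and count) any frame entering this port from an unlisted source MAC.
        rules="$rules        iifname \"$port\" ether saddr != { $allowed } counter drop
"
    done
    printf 'table bridge portsec {\n'
    # input: frames for the bridge host itself; forward: frames bridged between ports.
    for hook in input forward; do
        printf '    chain %s {\n' "$hook"
        printf '        type filter hook %s priority 0; policy accept;\n' "$hook"
        printf '%s' "$rules"
        printf '    }\n'
    done
    printf '}\n'
}

# Constructed sample: eth1 may carry both MACs from the answer, eth2 only the first.
port_security_rules eth1=00:01:02:03:04:05,01:02:03:04:05:06 eth2=00:01:02:03:04:05
```

Redirect the output to a file, validate it with `nft -c -f FILE`, then load it with `nft -f FILE`. Once loaded, the counters shown by `nft list table bridge portsec` report how many frames each port's rule has dropped.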
