iptables -A INPUT -m mac --mac-source XX:XX:XX:XX:XX:XX -j DROP
2、允許MAC地址為XX:XX:XX:XX:XX:XX主機訪問22端口:
iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
3、允許IP地址為192.168.1.21,MAC地址為XX:XX:XX:XX:XX:XX的主機通信,拒絕多有其他主機:
iptables -A INPUT -s 192.168.1.21 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT
iptables -P INPUT DROP
4、可以寫腳本限制MAC:
iptables -P FORWARD DROP
for mac in $(cat ipaddressfile); do
iptables -A FORWARD -m mac --mac-source $mac -j ACCEPT
done
沒有留言:
張貼留言