Configuration of Ethernet Bridge Firewall under Linux

xiaoxiao, 2021-03-06

ebtables is a firewall for Ethernet bridges. An Ethernet bridge works at the data link layer, so ebtables filters frames at the data link layer.

The 2.6 kernel has built-in ebtables support. To use it you must install the ebtables user-space tool (ebtables-v2.0.6); after installation you can use ebtables to filter the packets passing through the bridge.

Following the user's actual requirements, the ebtables rules are set up as follows:

1: Accept all packets by default

2: Filter separately on source address, destination address, source port and destination port

3: Filter TCP and UDP packets separately

/*********************************************************************************/

The ebtables command syntax is as follows:

ebtables [-t table] -[ADI] chain rule-specification [match-extensions] [watcher-extensions]

-t table: selects the table to operate on; the chain used here is generally FORWARD.

-A/-D/-I: -A appends a rule to the end of the chain; -D deletes a rule from the chain (the rule number must be given); -I inserts a new rule into the chain (the rule number must be given).

-P: sets the default policy of a chain; it can be DROP, ACCEPT or RETURN.

-F: flushes (empties) all chains of the table.

-L: lists the rules in the table; modifiers can be added, e.g. -L --Lc (show counters) and -L --Ln (show rule numbers).

-p: specifies the frame protocol type to match, e.g. IPv4, ARP (required in order to use the IP matches); see /etc/ethertypes.

--ip-proto: the IP protocol number: 1 is ICMP, 6 is TCP, 17 is UDP; the full list is in /etc/protocols.

--ip-src: source address of the IP packet

--ip-dst: destination address of the IP packet

--ip-sport: source port of the IP packet

--ip-dport: destination port of the IP packet

-i: the network card the frame enters on (input interface)

-o: the network card the frame leaves on (output interface)

/*********************************************************************************/

Simple configuration rules are as follows:

#!/bin/bash

echo "The Ebtables Start!"

# Baseline: accept everything by default, then empty all chains.
ebtables -P FORWARD ACCEPT
ebtables -P INPUT ACCEPT
ebtables -P OUTPUT ACCEPT
ebtables -F

# Drop TCP (6) or UDP (17) frames, entering on bridge port eth0 or eth1,
# that are addressed to the given destination IP and destination port.
ebtables -A FORWARD -p IPv4 -i <eth0|eth1> --ip-proto <6|17> --ip-dst <destination IP> --ip-dport <destination port> -j DROP

# Drop TCP (6) or UDP (17) frames coming from the given source IP and source port.
ebtables -A FORWARD -p IPv4 -i <eth0|eth1> --ip-proto <6|17> --ip-src <source IP> --ip-sport <source port> -j DROP
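As an added example that is not part of the original post, the script below builds the DROP rules of requirements 2 and 3 from parameters (protocol, source or destination, address, port, input interface) instead of hand-editing the template above. The interface eth0, the 192.0.2.0/24 addresses and the ports are constructed placeholders; setting EBTABLES=echo prints the generated commands instead of loading them, so the logic can be checked without root.

```sh
#!/bin/sh
# Added example: generates ebtables FORWARD rules from parameters.
# Assumption: EBTABLES is the real command by default; set EBTABLES=echo
# to print the rules instead of loading them (no root needed).
EBTABLES="${EBTABLES:-ebtables}"

# proto_num NAME: map tcp/udp to the /etc/protocols number used by --ip-proto.
proto_num() {
    case "$1" in
        tcp) echo 6 ;;
        udp) echo 17 ;;
        *) echo "unsupported protocol: $1" >&2; return 1 ;;
    esac
}

# drop_rule IFACE PROTO DIR ADDR PORT
#   DIR is "src" (match --ip-src/--ip-sport) or "dst" (match --ip-dst/--ip-dport).
#   Prints the FORWARD rule that drops matching IPv4 frames entering on IFACE.
drop_rule() {
    num=$(proto_num "$2") || return 1
    case "$3" in
        src) match="--ip-src $4 --ip-sport $5" ;;
        dst) match="--ip-dst $4 --ip-dport $5" ;;
        *) echo "direction must be src or dst" >&2; return 1 ;;
    esac
    echo "$EBTABLES -A FORWARD -p IPv4 -i $1 --ip-proto $num $match -j DROP"
}

# reset_policy: the post's baseline, accept everything and empty the chains.
reset_policy() {
    $EBTABLES -P FORWARD ACCEPT
    $EBTABLES -P INPUT ACCEPT
    $EBTABLES -P OUTPUT ACCEPT
    $EBTABLES -F
}

# main: constructed sample values (eth0, 192.0.2.x are placeholders). Blocks TCP
# and UDP to 192.0.2.10:80 and from 192.0.2.20:53 on bridge port eth0.
main() {
    reset_policy
    for p in tcp udp; do
        eval "$(drop_rule eth0 "$p" dst 192.0.2.10 80)"
        eval "$(drop_rule eth0 "$p" src 192.0.2.20 53)"
    done
}

# Runs only when given an argument, e.g.: EBTABLES=echo sh bridge-fw.sh load
if [ $# -gt 0 ]; then main "$@"; fi
```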

Please credit the original source when reposting: https://www.9cbs.com/read-84954.html
