2011-09-29 09:00:00
[root@localhost ~]# wget <arptables-v0.0.3-4.tar.gz 的下载地址>
[root@localhost ~]#tar xvf arptables-v0.0.3-4.tar.gz
[root@localhost ~]# cd arptables-v0.0.3-4
[root@localhost ~]#make && make install
配置:防止 ARP 欺骗最有效的方法是只允许网关的 ARP 包。我现在的环境:网关 IP: 59.37.172.1 MAC: 00:23:89:4D:29:12
本机IP: 59.37.172.81 MAC: 00:E0:81:D2:75:C5
另外一台机器IP:59.37.172.80
要求:只允许和网关通信(这像是废话,不和网关通信,数据怎么才能够出去呢)
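# arptables -A INPUT --src-ip 59.37.172.81 --src-mac 00:23:89:4D:29:12 -j ACCEPT
# arptables -A INPUT --src-ip 59.37.172.1 --src-mac 00:E0:81:D2:75:C5 -j ACCEPT
# arptables -P INPUT DROP
注意:按上文给出的地址,网关是 59.37.172.1 / 00:23:89:4D:29:12,本机是 59.37.172.81 / 00:E0:81:D2:75:C5,而上面两条规则里的 IP 与 MAC 配对正好相反;照此执行,网关的 ARP 包匹配不到任何 ACCEPT 规则,会被默认的 DROP 策略丢弃。放行网关的规则应写成 arptables -A INPUT --src-ip 59.37.172.1 --src-mac 00:23:89:4D:29:12 -j ACCEPT。另外,远程操作时请先确认 ACCEPT 规则无误,再设置 DROP 策略,以免把自己挡在外面。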
配置是不是很简单,和 iptables 非常类似。不会的可以 man arptables,或者 google 关键字 arptables,其实你们懂的 :)
现在在80上PING 81
[root@localhost ~]# ping 59.37.172.81
PING 59.37.172.81 (59.37.172.81) 56(84) bytes of data.
From 59.37.172.80 icmp_seq=2 Destination Host Unreachable
From 59.37.172.80 icmp_seq=3 Destination Host Unreachable
From 59.37.172.80 icmp_seq=4 Destination Host Unreachable
From 59.37.172.80 icmp_seq=6 Destination Host Unreachable
From 59.37.172.80 icmp_seq=7 Destination Host Unreachable
From 59.37.172.80 icmp_seq=8 Destination Host Unreachable
From 59.37.172.80 icmp_seq=10 Destination Host Unreachable
From 59.37.172.80 icmp_seq=11 Destination Host Unreachable
From 59.37.172.80 icmp_seq=12 Destination Host Unreachable
From 59.37.172.80 icmp_seq=14 Destination Host Unreachable
From 59.37.172.80 icmp_seq=15 Destination Host Unreachable
From 59.37.172.80 icmp_seq=16 Destination Host Unreachable
--- 59.37.172.81 ping statistics ---
19 packets transmitted, 0 received, +12 errors, 100% packet loss, time 17999ms, pipe 3
[root@localhost ~]# arp -a
? (59.37.172.1) at 00:23:89:4D:29:12 [ether] on eth0
? (59.37.172.81) at <incomplete> on eth0
[root@localhost ~]#