← 返回命令列表

Linux command

ebtables 命令

安全

权限或系统影响较大,执行前请核对目标。

常用示例

List all rules

sudo ebtables -L

List rules with line numbers

sudo ebtables -L --Ln

Block MAC address

sudo ebtables -A INPUT -s [00:11:22:33:44:55] -j DROP

Allow only specific MAC

sudo ebtables -A INPUT -s ! [00:11:22:33:44:55] -j DROP

Drop packets by protocol

sudo ebtables -A FORWARD -p IPv4 -j DROP

Flush all rules

sudo ebtables -F

Set policy for a chain

sudo ebtables -P FORWARD DROP

Save rules to file

sudo ebtables-save > [rules.txt]

说明

ebtables filters Ethernet frames at the link layer (Layer 2) in Linux bridges. It controls traffic passing through a bridge based on MAC addresses, VLAN tags, and Ethernet protocols, complementing iptables which operates at Layer 3. Ebtables uses chains (INPUT, OUTPUT, FORWARD) and tables (filter, nat, broute) similar to iptables. It's essential for bridge firewall configurations and MAC-based access control.

参数

-L, --list
List all rules.
-A _chain_
Append rule to chain.
-D _chain_
Delete rule from chain.
-I _chain_ _num_
Insert rule at position.
-F _chain_
Flush rules (all or specific chain).
-P _chain_ _target_
Set chain policy.
-p _protocol_
Match protocol (IPv4, IPv6, ARP).
-s _mac_
Source MAC address.
-d _mac_
Destination MAC address.
-i _interface_
Input interface.
-o _interface_
Output interface.
-j _target_
Jump to target (ACCEPT, DROP, CONTINUE, RETURN).
-t _table_
Table to operate on (filter, nat, broute). Default is filter.
--Ln
Show line numbers when listing rules.
-N _chain_
Create a new user-defined chain.
-X _chain_
Delete a user-defined chain.

FAQ

What is the ebtables command used for?

ebtables filters Ethernet frames at the link layer (Layer 2) in Linux bridges. It controls traffic passing through a bridge based on MAC addresses, VLAN tags, and Ethernet protocols, complementing iptables which operates at Layer 3. Ebtables uses chains (INPUT, OUTPUT, FORWARD) and tables (filter, nat, broute) similar to iptables. It's essential for bridge firewall configurations and MAC-based access control.

How do I run a basic ebtables example?

Run `sudo ebtables -L` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does -L, --list do in ebtables?

List all rules.