Failure notes: Ubuntu MAC filtering with ebtables

Author: 동우 | Posted 12.06.20 | Views 1,510 | 1 comment

http://laddumishra.wordpress.com/2012/01/19/mac-filtering-and-bridging-firewalls-in-linuxubuntu/


http://litdemon.springnote.com/pages/7919312

http://ebtables.sourceforge.net/examples/basic.html#all

Original source


http://linux.die.net/man/8/ebtables

Full usage in detail


http://www.howtoforge.com/forums/showthread.php?t=35177


For some absurd reason the settings get reset whenever I reboot ㅠㅠ..



http://www.coffer.com/mac_find/

Show MAC addresses

arp -a


sudo apt-get install ebtables


sudo ebtables -F                # flush every chain of the filter table (full reset)

sudo ebtables -t filter -F FORWARD  ## flush only the FORWARD chain of the filter table

sudo ebtables --atomic-file nat_table -t nat --atomic-init      ## create a fresh, empty atomic file for the nat table (atomic operations need --atomic-file or EBTABLES_ATOMIC_FILE)


# Default policy: block everything..

sudo ebtables --atomic-file nat_table -t nat --atomic-commit                     ## load the saved nat table into the kernel at startup (the file must already exist)

sudo ebtables -P FORWARD DROP

sudo ebtables -P INPUT DROP

sudo ebtables -P OUTPUT DROP


# Logging

sudo ebtables -A FORWARD --log-level info --log-ip --log-prefix EBFW              # no -j, so the default target CONTINUE applies: the frame is logged and keeps traversing the chain

sudo ebtables -A INPUT --log-level info --log-ip --log-prefix EBFW

sudo ebtables -A OUTPUT --log-level info --log-ip --log-arp --log-prefix EBFW -j DROP   # logs (IP and ARP details) and then drops every frame leaving the host



sudo ebtables -A FORWARD -s 00:11:22:33:44:55 -p IPV4 -j DROP   # drop bridged IPv4 frames from this source MAC

sudo ebtables -A FORWARD -s 00:11:22:33:44:55 -p IPV6 -j DROP   # same for IPv6

sudo ebtables -A FORWARD -s 00:11:22:33:44:55 -j DROP           # drop every bridged frame from this source MAC, whatever the protocol



# Mask FF:FF:FF:FF:FF:FF means an exact match, so these rules only hit frames whose source MAC is all zeros; omit -s entirely to match any source
sudo ebtables -A FORWARD -s 00:00:00:00:00:00/FF:FF:FF:FF:FF:FF -p IPV6 -j DROP
sudo ebtables -A INPUT -s 00:00:00:00:00:00/FF:FF:FF:FF:FF:FF -p IPV6 -j DROP
sudo ebtables -A OUTPUT -s 00:00:00:00:00:00/FF:FF:FF:FF:FF:FF -p IPV6 -j DROP



# In the BROUTING chain DROP does not discard the frame: it hands the frame to the IP stack (routed) instead of bridging it, and ACCEPT means bridge
sudo ebtables -t broute -A BROUTING -p ipv4 -i eth0 --ip-dst 123.123.123.0/24 -j DROP

For IPv4..

Doesn't work for IPv6..


sudo ebtables -t broute -A BROUTING -p arp -i eth0 --arp-ip-dst 172.16.1.1 -j DROP      # ARP for this IP arriving on eth0 is routed, not bridged

sudo ebtables -t broute -A BROUTING -p ipv4 -i eth0 --ip-dst 172.16.1.1 -j DROP        # same for IPv4 packets addressed to it

sudo ebtables -t broute -A BROUTING -p arp -i eth0 -d $MAC_OF_ETH0 -j DROP             # ARP addressed to eth0's own MAC; $MAC_OF_ETH0 must be set in the shell beforehand


# filter table, IPv4 matches: TCP from 123.123.123.0/24 with source port 80 (bridged and locally delivered), TCP to port 80 from that range, and traffic to that range from source port 80
sudo ebtables -A FORWARD -i eth0 -p ip --ip-proto tcp --ip-source-port 80 --ip-source 123.123.123.0/24 -j DROP
sudo ebtables -A INPUT -i eth0 -p ip --ip-proto tcp --ip-source-port 80 --ip-source 123.123.123.0/24 -j DROP
sudo ebtables -A INPUT -i eth0 -p ip --ip-proto tcp --ip-destination-port 80 --ip-source 123.123.123.0/24 -j DROP
sudo ebtables -A INPUT -i eth0 -p ip --ip-destination 123.123.123.0/24 --ip-proto tcp --ip-source-port 80 -j DROP


# Mask 255.255.255.255 is an exact match, so these two only hit a source address of 0.0.0.0; use 0.0.0.0/0 (or omit --ip-source) to match any source
sudo ebtables -A INPUT -i eth0 -p ip --ip-proto tcp --ip-source-port 80 --ip-source 0.0.0.0/255.255.255.255 -j DROP
sudo ebtables -A INPUT -i eth0 -p ip --ip-proto tcp --ip-destination-port 80 --ip-source 0.0.0.0/255.255.255.255 -j DROP



# Variant 1: drop IPv4, ARP and 802.3 length-field (LENGTH) frames on every chain.
# The log rule is appended after the DROP rules, so it only sees frames not already dropped above (IPv6 here), which then fall through to the DROP policy.
sudo ebtables -P FORWARD DROP
sudo ebtables -A FORWARD -p IPv4 -j DROP
sudo ebtables -A FORWARD -p ARP -j DROP
sudo ebtables -A FORWARD -p LENGTH -j DROP
sudo ebtables -A FORWARD --log-level info --log-ip --log-prefix EBFW

sudo ebtables -P INPUT DROP
sudo ebtables -A INPUT -p IPv4 -j DROP
sudo ebtables -A INPUT -p ARP -j DROP
sudo ebtables -A INPUT -p LENGTH -j DROP
sudo ebtables -A INPUT --log-level info --log-ip --log-prefix EBFW

sudo ebtables -P OUTPUT DROP
sudo ebtables -A OUTPUT -p IPv4 -j DROP
sudo ebtables -A OUTPUT -p ARP -j DROP
sudo ebtables -A OUTPUT -p LENGTH -j DROP
sudo ebtables -A OUTPUT --log-level info --log-ip --log-arp --log-prefix EBFW -j DROP

# Variant 2: the same with IPv6 in place of IPv4, so IPv4 frames are the ones that reach the log rule before the DROP policy.
sudo ebtables -P FORWARD DROP
sudo ebtables -A FORWARD -p IPv6 -j DROP
sudo ebtables -A FORWARD -p ARP -j DROP
sudo ebtables -A FORWARD -p LENGTH -j DROP
sudo ebtables -A FORWARD --log-level info --log-ip --log-prefix EBFW

sudo ebtables -P INPUT DROP
sudo ebtables -A INPUT -p IPv6 -j DROP
sudo ebtables -A INPUT -p ARP -j DROP
sudo ebtables -A INPUT -p LENGTH -j DROP
sudo ebtables -A INPUT --log-level info --log-ip --log-prefix EBFW

sudo ebtables -P OUTPUT DROP
sudo ebtables -A OUTPUT -p IPv6 -j DROP
sudo ebtables -A OUTPUT -p ARP -j DROP
sudo ebtables -A OUTPUT -p LENGTH -j DROP
sudo ebtables -A OUTPUT --log-level info --log-ip --log-arp --log-prefix EBFW -j DROP


Save the final policy

# An atomic file holds exactly one table: with -t nat this saves only the nat table, while the FORWARD/INPUT/OUTPUT rules above live in the filter table (and the BROUTING rules in broute), each of which needs its own --atomic-save with -t filter / -t broute
sudo ebtables --atomic-file nat_table -t nat --atomic-save


Load

sudo ebtables --atomic-file nat_table -t nat --atomic-commit   # commit the table stored in nat_table into the kernel



http://johanv.org/node/190

-_- No matter what I try, it won't run ㅠㅠ..

It says to add this on the very last line here..

/etc/rc.local

EBTABLES_ATOMIC_FILE=/root/ebtables-atomic ebtables -t nat --atomic-commit

exit 0


sudo cp -f /etc/rc.local ~/                                      # keep a backup copy first

sudo perl -pi -e "s/exit 0/#Modified ebtables/g" /etc/rc.local   # comment out every "exit 0" so the script no longer exits before the appended line

sudo sh -c 'echo "EBTABLES_ATOMIC_FILE=/root/ebtables-atomic ebtables -t nat --atomic-commit" >> /etc/rc.local'   # /root/ebtables-atomic must be the file written by the matching --atomic-save for the same table

sudo sh -c 'echo "exit 0" >> /etc/rc.local'                      # put the final exit 0 back
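Because one atomic file covers a single table, an rc.local line that commits only the nat table never brings back the filter or broute rules. As an added example (not from the original post and not part of ebtables itself), the script below saves the filter, nat and broute tables to separate files and inserts the three --atomic-commit lines before the final exit 0 of rc.local instead of rewriting it; the directory /root/ebtables and the marker comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: persist every ebtables table and
# wire the restore into rc.local. An atomic file holds exactly one table, so
# filter, nat and broute each get their own save/commit. EBT_DIR is an assumption.
set -eu

EBT_DIR="${EBT_DIR:-/root/ebtables}"   # assumed directory for the atomic files

# Save each table to its own atomic file (run as root on the firewall host).
ebt_save_all() {
    mkdir -p "$EBT_DIR"
    for t in filter nat broute; do
        ebtables --atomic-file "$EBT_DIR/$t" -t "$t" --atomic-save
    done
}

# Print the restore commands that belong in rc.local, one --atomic-commit per table.
ebt_restore_lines() {
    for t in filter nat broute; do
        printf 'ebtables --atomic-file %s/%s -t %s --atomic-commit\n' "$EBT_DIR" "$t" "$t"
    done
}

# Insert the restore block before the first "exit 0" of the given rc.local
# (or append it when there is none), keep a .bak copy, and do nothing when the
# marker comment is already present so the script can be rerun safely.
ebt_patch_rc_local() {
    rc="$1"
    if grep -q '^# ebtables-restore' "$rc"; then
        return 0
    fi
    cp -f "$rc" "$rc.bak"
    block="$(mktemp)"
    { printf '# ebtables-restore\n'; ebt_restore_lines; } > "$block"
    if grep -q '^exit 0' "$rc"; then
        awk -v f="$block" '
            /^exit 0/ && !inserted { while ((getline l < f) > 0) print l; inserted = 1 }
            { print }' "$rc" > "$block.new"
    else
        cat "$rc" "$block" > "$block.new"
    fi
    cat "$block.new" > "$rc"       # overwrite in place so rc.local keeps its mode bits
    rm -f "$block" "$block.new"
}
```

Run ebt_save_all once the rule set is final, then ebt_patch_rc_local /etc/rc.local; the saved files must exist before the commit lines run at boot.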



List the rules

sudo ebtables -L

Comments

  • 동우 (author), 12.06.25: http://beginlinux.com/sec_train_m/10-traincat/1310-set-up-the-bridge