Filtering ARP Traffic With Linux Arptables
linux-audit.com
Installation
Debian / Ubuntu
Configuration example
1 of 6 8/1/19, 9:03 PM
Filtering ARP traffic with Linux arptables about:reader?url=https://linux-audit.com/filtering...
With the arp command we can query the current list of known
ARP addresses.
root@ubuntu:/data# arp
Address                  HWtype  HWaddress           Flags Mask            Iface
System.cisofy.com        ether   00:a7:22:23:d1:f3   C                     eth0
Router.cisofy.com        ether   d8:d7:21:22:5a:8d   C                     eth0
Arptables can block traffic by filtering on the IP address. So let’s query
the ARP list again, now in numeric format.
root@ubuntu:/data# arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.20             ether   00:a7:22:23:d1:f3   C                     eth0
192.168.1.1              ether   d8:d7:21:22:5a:f4   C                     eth0
192.168.1.1 -j DROP
root@ubuntu:/data# arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.20             ether   00:a7:22:23:d1:f3   C                     eth0
192.168.1.1              ether   d8:d7:21:22:5a:f4   C                     eth0
All ARP packets are blocked now. Each system that transmits
traffic will end up as an (incomplete) entry.
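To confirm from the ARP table that a DROP rule has taken effect, the output of arp -n can be checked for the (incomplete) state. The following is an added example, not code from the original article: the function names are hypothetical helpers, and the sample table is constructed in the net-tools arp -n layout.

```shell
#!/bin/sh
# Added example: read `arp -n` output and report whether an address still
# resolves. Function names are hypothetical helpers, not part of arptables.

# Constructed sample in the net-tools `arp -n` layout; the router row shows
# the "(incomplete)" state described in the article.
sample_arp_output() {
cat <<'EOF'
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.20             ether   00:a7:22:23:d1:f3   C                     eth0
192.168.1.1                      (incomplete)                              eth0
EOF
}

# arp_state IP: prints "resolved <mac>", "incomplete" or "absent".
arp_state() {
    awk -v ip="$1" '
        $1 == "Address" { next }            # header row
        $1 == ip {
            found = 1
            # Incomplete rows have no HWtype, so the marker lands in field 2.
            if ($2 == "(incomplete)") print "incomplete"
            else print "resolved " $3
            exit
        }
        END { if (!found) print "absent" }
    '
}

# arp_incomplete: prints "<ip> <iface>" for every unresolved neighbour.
arp_incomplete() {
    awk '$2 == "(incomplete)" { print $1, $NF }'
}

# arp_blocked IP: succeeds when the address no longer resolves to a MAC.
arp_blocked() {
    case "$(arp_state "$1")" in
        incomplete|absent) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on the constructed sample; on a live host use: arp -n | arp_state IP
sample_arp_output | arp_state 192.168.1.1
```

An entry cached before the rule was added stays resolved until it expires or is removed with arp -d, so run the check again after that.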
Conclusion