Created
November 19, 2022 18:04
-
-
Save kerus1024/25b9d0ff01c5a001f94131e252a7fb66 to your computer and use it in GitHub Desktop.
Proxmox MAC/IP Filter
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ebtables -F INPUT | |
| ebtables -F FORWARD | |
| CHAINNAME=MY_MACFILTER | |
| ebtables -F $CHAINNAME 2>/dev/null | |
| ebtables -D $CHAINNAME 2>/dev/null | |
| ebtables -N $CHAINNAME | |
| ebtables -A INPUT -j $CHAINNAME | |
| ebtables -A FORWARD -j $CHAINNAME | |
| function mac_filter() { | |
| name=$1 | |
| interface=$2 | |
| macaddress=$3 | |
| ipaddress=$4 | |
| block_internal=$5 | |
| ebtables -A $CHAINNAME -i $interface ! --src $macaddress -j DROP | |
| ebtables -A $CHAINNAME -i $interface -p IPv4 --ip-src 169.254.0.0/16 -j ACCEPT | |
| ebtables -A $CHAINNAME -i $interface -p IPv4 --ip-src 0.0.0.0 -j ACCEPT | |
| ebtables -A $CHAINNAME -i $interface -p IPv4 ! --ip-src $ipaddress -j DROP | |
| if [ ! -z "$block_internal" ]; then | |
| ebtables -A $CHAINNAME -i $interface -p IPv4 --ip-dst 10.1.1.0/24 -j ACCEPT | |
| ebtables -A $CHAINNAME -i $interface -p IPv4 --ip-dst 10.0.0.0/8 -j DROP | |
| fi | |
| } | |
| mac_filter "instance001" tap3001i0 3E:01:0C:22:C5:A3 10.1.1.101 yes |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment