Answer the question
In order to leave comments, you need to log in
Is there an analogue of Cisco port security in Linux?
Good day, comrades! Interested in one simple question, voiced above. In a little more detail, the situation is as follows.
There is an OpenVPN server that hard-binds an IP address to an issued certificate.
It is necessary to limit on the Linux server the number of MAC addresses coming to the interface from a certain IP. Let's say no more than 5 poppies.
It is not to allow one specific poppy, and not to ban it, but to limit their number.
Well, that is, so that a person can use certificates on a phone, laptop and home computer, but cannot install certificates on a router and hide a couple of dozen more devices behind this router.
Is this feasible? I would be very grateful for an answer!
Answer the question
In order to leave comments, you need to log in
Not explicitly, but you can play around with utilities such as etables, brctl. However, this will not help you, since in general there is always only one Mac address for one ip address. Read how ARP works. Better bind certificates hard.
ebtables - same as iptables, but works one level down, with poppy addresses.
you can try to tinker...
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question