# arptables example

## Corona688

What is a simple example rule to block a certain MAC address' ARP requests on a given interface?

----------

## Corona688

bump

----------

## kommissar

Hi,

I do this to prevent the people that live on my hall at the Uni from arpspoofing me.  Comp. Sci. majors love to play pranks on each other, like performing a man in the middle attack and stealing your passwords.

```
p4 ~ # arptables-save
*filter
:INPUT ACCEPT
:OUTPUT ACCEPT
:FORWARD ACCEPT
-A INPUT -j DROP -i any -o any -s 134.82.120.254 ! --src-mac 00:d0:02:ec:b3:fc
-A INPUT -j DROP -i any -o any ! -s 134.82.120.0/24 ! --src-mac 00:d0:02:ec:b3:fc
```

Drop anything that says it's 134.82.120.254 (the gateway) that is not 00:d0:02:ec:b3:fc (the real gateway), and then drop anything that's outside of 134.82.120.0/24 that is not 00:d0:02:ec:b3:fc, since we probably don't need it.

----------
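The matching logic of the two rules in the post above, modelled in Python as an added example (not part of the original thread). It assumes `-s` and `--src-mac` match the sender IP and sender hardware address carried in the ARP packet, leaves out the `-i any -o any` interface match, and uses constructed sample packets whose non-gateway MACs and host IPs are made up.

```python
"""Model of the two INPUT rules above, evaluated over constructed ARP packets."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

GATEWAY_IP = ip_address("134.82.120.254")   # from the post
GATEWAY_MAC = "00:d0:02:ec:b3:fc"           # from the post
LAN = ip_network("134.82.120.0/24")         # from the post


@dataclass(frozen=True)
class Arp:
    """Sender fields of an ARP packet (assumed targets of -s and --src-mac)."""
    sender_ip: str
    sender_mac: str


def verdict(pkt: Arp) -> str:
    """Walk the chain in order; first matching rule wins, else policy ACCEPT."""
    ip = ip_address(pkt.sender_ip)
    mac_is_gateway = pkt.sender_mac.lower() == GATEWAY_MAC
    # Rule 1: -s 134.82.120.254 ! --src-mac <gateway MAC> -j DROP
    if ip == GATEWAY_IP and not mac_is_gateway:
        return "DROP (rule 1)"
    # Rule 2: ! -s 134.82.120.0/24 ! --src-mac <gateway MAC> -j DROP
    if ip not in LAN and not mac_is_gateway:
        return "DROP (rule 2)"
    return "ACCEPT (policy)"


# Constructed sample packets; non-gateway MACs and host IPs are made up.
SAMPLES = {
    "real gateway": Arp("134.82.120.254", "00:D0:02:EC:B3:FC"),
    "host claiming to be the gateway": Arp("134.82.120.254", "02:00:00:aa:bb:01"),
    "off-subnet sender": Arp("10.0.0.5", "02:00:00:aa:bb:02"),
    "ordinary neighbour": Arp("134.82.120.17", "02:00:00:aa:bb:03"),
    # Outside both rules: only the gateway binding is pinned, so a wrong
    # MAC for another on-subnet IP is still accepted.
    "wrong MAC for a neighbour's IP": Arp("134.82.120.17", "02:00:00:aa:bb:01"),
}


def evaluate_samples() -> dict:
    """Return the verdict for every constructed sample packet."""
    return {name: verdict(pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in evaluate_samples().items():
        print(f"{name:34} -> {result}")
```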

