The arptables command is a Linux utility that is used to manage the ARP packet filter rule table. ARP stands for Address Resolution Protocol, a protocol used to map a network address (such as an IP address) to a physical address (such as a MAC address). The arptables command allows you to view, add, delete, and modify rules in the ARP packet filter rule table.
Overview
Viewing the ARP packet filter rule table
To view the current ARP packet filter rule table, run the following command:
arptables -L
This will display the current rules in the ARP packet filter rule table.
Adding a rule to the ARP packet filter rule table
To add a rule to the ARP packet filter rule table, use the following command:
arptables -A <chain> <rule-specification>
<chain> specifies the chain to which the rule should be added, and <rule-specification> specifies the rule to be added. For example, to add a rule that blocks all ARP traffic from a specific IP address, you could use the following command:
arptables -A INPUT -s 192.168.1.100 -j DROP
This will add a rule to the INPUT chain that drops all ARP traffic from the IP address 192.168.1.100.
Deleting a rule from the ARP packet filter rule table
To delete a rule from the ARP packet filter rule table, use the following command:
arptables -D <chain> <rule-specification>
<chain> specifies the chain from which the rule should be deleted, and <rule-specification> specifies the rule to be deleted. For example, to delete the rule that blocks all ARP traffic from the IP address 192.168.1.100 that we added in the previous example, you could use the following command:
arptables -D INPUT -s 192.168.1.100 -j DROP
This will delete the rule from the INPUT chain.
Modifying a rule in the ARP packet filter rule table
To modify a rule in the ARP packet filter rule table, you can delete the old rule and add a new rule in its place using the arptables -D and arptables -A commands.
Specific Use Cases
The arptables command can be useful in a variety of scenarios, such as:
- Blocking ARP spoofing attacks
- Restricting ARP traffic to specific IP addresses
- Allowing or blocking ARP traffic from specific MAC addresses
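The following script is an added example, not part of the original page, that ties the first and third use cases together: it pins the default gateway's IP address to its known MAC address so that ARP packets claiming the gateway's IP from any other MAC are dropped. The gateway IP, MAC and interface are constructed sample values; the --source-mac and -i options come from the arptables man page and are not shown on this page.

```shell
#!/bin/sh
# Added example: pin the gateway's IP to its known MAC with arptables.
# Constructed sample values (assumptions for this example, not real hosts).
GW_IP="192.168.1.1"
GW_MAC="00:11:22:33:44:55"
IFACE="eth0"

# Emit the arptables commands for a gateway-pinning ruleset without running
# them, so the ruleset can be reviewed before it is applied.
# Rule order matters: the ACCEPT for the genuine IP/MAC pair must come
# before the DROP for the bare IP, or the gateway itself would be blocked.
gen_arp_rules() {
    gw_ip=$1; gw_mac=$2; iface=$3
    # Start from an empty INPUT chain.
    echo "arptables -F INPUT"
    # Accept ARP from the gateway IP only when the source MAC is the known one.
    echo "arptables -A INPUT -i $iface -s $gw_ip --source-mac $gw_mac -j ACCEPT"
    # Any other MAC claiming the gateway IP is a spoofing candidate: drop it.
    echo "arptables -A INPUT -i $iface -s $gw_ip -j DROP"
    # ARP from all other hosts is left untouched.
    echo "arptables -P INPUT ACCEPT"
}

# Number of DROP rules in the generated ruleset (useful as a sanity check).
count_drop_rules() {
    gen_arp_rules "$@" | grep -c -- '-j DROP'
}

# Apply the ruleset; refuses to run unless arptables exists and we are root.
apply_arp_rules() {
    if ! command -v arptables >/dev/null 2>&1; then
        echo "arptables not installed; nothing applied" >&2
        return 1
    fi
    if [ "$(id -u)" -ne 0 ]; then
        echo "arptables requires root; nothing applied" >&2
        return 1
    fi
    gen_arp_rules "$@" | sh -e
}

# Print the ruleset for review; call apply_arp_rules with the same
# arguments as root to install it.
gen_arp_rules "$GW_IP" "$GW_MAC" "$IFACE"
```

Verify the result afterwards with arptables -L and confirm the ACCEPT rule is listed before the DROP rule.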
Options
The following options are available for the arptables command:
Option | Description
---|---
-A <chain> <rule-specification> | Append a rule to the specified chain
-D <chain> <rule-specification> | Delete a rule from the specified chain
-E <chain> <rule-specification> | Replace the rules in the specified chain
-F <chain> | Flush all rules from the specified chain
-L <chain> | List all rules in the specified chain
-N <chain> | Create a new chain
-P <chain> <target> | Set the policy for the specified chain
-X <chain> | Delete the specified chain
Troubleshooting Tips
- If you are having trouble with a rule not working as expected, make sure that the rule is in the correct chain and that it is listed before any rules that might conflict with it.
- If you accidentally lock yourself out of your server by adding a rule that blocks all ARP traffic, you can use the arptables -F command to flush all rules from the ARP packet filter rule table and start over.
Notes
- The arptables command requires root privileges to run.
- The ARP packet filter rule table is separate from the iptables firewall rule table, so rules added to one table will not affect the other.