[root@localhost ~]# wget http://cdnetworks-kr-2.dl.sourceforge.net/project/ebtables/arptables/arptables-v0.0.3/arptables-v0.0.3-4.tar.gz
(注:上面的下载走的是明文 HTTP,解压、编译之前建议先核对压缩包的校验值(如发布页有提供),再以 root 身份安装。)
[root@localhost ~]# tar xvf arptables-v0.0.3-4.tar.gz
[root@localhost ~]# cd arptables-v0.0.3-4
[root@localhost ~]# make && make install
配置:防止ARP欺骗最有效的方法是只允许网关的ARP包。我现在的环境:网关IP: 59.37.172.1 MAC: 00:23:89:4D:29:12
本机IP:59.37.172.81 MAC: 00:E0:81:D2:75:C5
另外一台机器IP:59.37.172.80
要求:只允许和网关通信(这像是废话,不和网关通信数据怎么才能够出去呢)
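# arptables -A INPUT --src-ip 59.37.172.81 --src-mac 00:23:89:4D:29:12 -j ACCEPT
# arptables -A INPUT --src-ip 59.37.172.1 --src-mac 00:E0:81:D2:75:C5 -j ACCEPT
# arptables -P INPUT DROP
(注意:按上文给出的地址,这两条规则里的 IP 与 MAC 配对是交叉的:59.37.172.1 是网关 IP,00:23:89:4D:29:12 才是网关 MAC。照此原样执行,网关的 ARP 包两条规则都匹配不上,会被默认的 DROP 策略丢弃。只放行网关的规则应写成 --src-ip 59.37.172.1 --src-mac 00:23:89:4D:29:12。)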
配置是不是很简单,和 iptables 非常类似。不会的可以 man arptables,或者 google 关键字 arptables,其实你们懂的 :)
现在在80上PING 81
[root@localhost ~]# ping 59.37.172.81
PING 59.37.172.81 (59.37.172.81) 56(84) bytes of data.
From 59.37.172.80 icmp_seq=2 Destination Host Unreachable
From 59.37.172.80 icmp_seq=3 Destination Host Unreachable
From 59.37.172.80 icmp_seq=4 Destination Host Unreachable
From 59.37.172.80 icmp_seq=6 Destination Host Unreachable
From 59.37.172.80 icmp_seq=7 Destination Host Unreachable
From 59.37.172.80 icmp_seq=8 Destination Host Unreachable
From 59.37.172.80 icmp_seq=10 Destination Host Unreachable
From 59.37.172.80 icmp_seq=11 Destination Host Unreachable
From 59.37.172.80 icmp_seq=12 Destination Host Unreachable
From 59.37.172.80 icmp_seq=14 Destination Host Unreachable
From 59.37.172.80 icmp_seq=15 Destination Host Unreachable
From 59.37.172.80 icmp_seq=16 Destination Host Unreachable
--- 59.37.172.81 ping statistics ---
19 packets transmitted, 0 received, +12 errors, 100% packet loss, time 17999ms
, pipe 3
[root@localhost ~]# arp -a
? (59.37.172.1) at 00:23:89:4D:29:12 [ether] on eth0
? (59.37.172.81) at <incomplete> on eth0
[root@localhost ~]#