You could probably via ebtables as they inspect ethernet frames directly. That can be used for example to not allow VMs on host to spoof mac addresses.
But easiest way is just don't allow app to run with permission to access raw socket. That's it.
The problem is really that there is no way to get UDP interface that also gives you mac address of the packet so raw sockets are only way to do it.
Similarly there is no interface to send ICMP packets other than raw sockets.
But easiest way is just don't allow app to run with permission to access raw socket. That's it.
The problem is really that there is no way to get UDP interface that also gives you mac address of the packet so raw sockets are only way to do it.
Similarly there is no interface to send ICMP packets other than raw sockets.