What can't ebtables do?

  • Full-fledged IPv4/IPv6/ARP filtering (use iptables/ip6tables/arptables).
  • Filter higher layer protocols over 802.3 Ethernet, f.e. filtering on ARP packets in a 802.3 Ethernet frame. {Ip,Ip6,Arp}tables currently won't filter IPv4/IPv6/ARP traffic over 802.3 Ethernet frames either.
  • Probably lots of other things...