How do I block (iptables) traffic on a #$%@ING bridge (br0)

Mike Ballon mike.ballon at gmail.com
Wed Dec 17 06:37:19 MST 2014


Have you tried "--mac-source"?

i.e.: iptables -A INPUT -m mac --mac-source the:mac:address: -j DROP

On Wed, Dec 17, 2014 at 7:48 AM, <kitepilot at kitepilot.com> wrote:
>
> Hello World:
> This is the scenario:
> MY.DSK.BOX (eth0) <=> (eth?) MY.BR0.BOX (eth?) <=> MY.TST.BOX (eth0)
> I want to use iptables to stop unwanted traffic to traverse MY.BR0.BOX.
> MY.DSK.BOX and MY.TST.BOX are in the same subnet.
> The IP/subnet of MY.BR0.BOX is irrelevant because MY.BR0.BOX is invisible
> to the 'functional' network.
> Yes, this WORKS (it is working now), and I can not make MY.BR0.BOX visible
> to the network because of more reasons that I have time to write about.
>
> WHAT I WANT:
> GOOD packets are allowed to traverse MY.BR0.BOX back and forth without
> further restrictions.
> BAD packets to/from MY.DSK.BOX to/from MY.TST.BOX are dropped at
> MY.BR0.BOX
> So far I have been able to drop the traffic in only one direction, but not
> both...   :(
> Bridge definition below:
> Thanks!
> ET
>
>
>
>
> # This file describes the network interfaces available on your system
> # and how to activate them. For more information, see interfaces(5).
> # The loopback network interface
> auto lo
> iface lo inet loopback
> # The primary network interface
> allow-hotplug eth0
> # iface eth0 inet dhcp
> iface eth0 inet manual
> # The primary network interface
> allow-hotplug eth1
> # iface eth1 inet dhcp
> iface eth1 inet manual
> # Bridge setup
> auto br0
> iface br0 inet dhcp
>        bridge_ports eth0 eth1
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
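The following is an added example, not part of Mike's reply or the original post. It lays out one way to drop traffic in both directions as it crosses br0 with iptables: bridged frames never reach the INPUT chain of MY.BR0.BOX, so the rules go in FORWARD, which only sees bridged traffic once br_netfilter is enabled (net.bridge.bridge-nf-call-iptables=1); and because the mac match only tests the source address, each direction needs its own rule, scoped to the bridge ports with the physdev match. The port names eth0/eth1 come from the quoted interfaces file; the two MAC addresses are constructed placeholders; by default the script prints the commands rather than running them.

```shell
#!/bin/sh
# Added example (not from the thread): drop traffic between two hosts in
# BOTH directions as it traverses a Linux bridge (br0) using iptables.
# Assumptions: bridge ports eth0 and eth1 as in the quoted interfaces file;
# the MAC addresses are constructed placeholders. With APPLY unset the
# commands are only printed for review; set APPLY=1 to execute them.

DSK_MAC="${DSK_MAC:-02:00:00:00:00:01}"   # constructed: MY.DSK.BOX (eth0 side)
TST_MAC="${TST_MAC:-02:00:00:00:00:02}"   # constructed: MY.TST.BOX (eth1 side)

# Print the command, or run it when APPLY=1.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        echo "$*"
    fi
}

# Frames bridged between eth0 and eth1 skip the INPUT chain of the bridge
# host entirely; they pass through FORWARD only when br_netfilter hands them
# to iptables, which this sysctl turns on.
enable_bridge_netfilter() {
    run modprobe br_netfilter
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
}

# One rule per direction: the mac match tests only the *source* MAC, so a
# single --mac-source rule drops one side of the conversation. physdev pins
# each rule to the bridge ports so it cannot affect routed traffic.
bridge_block_pair() {
    run iptables -A FORWARD -m physdev --physdev-is-bridged \
        --physdev-in eth0 --physdev-out eth1 \
        -m mac --mac-source "$DSK_MAC" -j DROP
    run iptables -A FORWARD -m physdev --physdev-is-bridged \
        --physdev-in eth1 --physdev-out eth0 \
        -m mac --mac-source "$TST_MAC" -j DROP
}

# Number of FORWARD rules emitted; useful for a sanity check after the fact.
bridge_block_rule_count() {
    bridge_block_pair | grep -c 'iptables -A FORWARD'
}

enable_bridge_netfilter
bridge_block_pair
```

If MY.BR0.BOX bridges more hosts than the two in the diagram, add `-s`/`-d` IP matches to each rule so only the DSK/TST pair is affected, since the mac match cannot test a destination MAC.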