How do I block (iptables) traffic on a #$%@ING bridge (br0)

kitepilot at kitepilot.com kitepilot at kitepilot.com
Wed Dec 17 08:35:52 MST 2014


I need to block on the grounds of IP address...   :(
There will be 'public addresses' traversing this br0.
Thanks!
ET 


Mike Ballon writes: 

> Have you tried "--mac-source"? 
> 
> ie: iptables -A INPUT -m mac --mac-source the:mac:address: -j DROP 
> 
> On Wed, Dec 17, 2014 at 7:48 AM, <kitepilot at kitepilot.com> wrote:
>>
>> Hello World:
>> This is the scenario:
>> MY.DSK.BOX (eth0) <=> (eth?) MY.BR0.BOX (eth?) <=> MY.TST.BOX (eth0)
>> I want to use iptables to stop unwanted traffic from traversing MY.BR0.BOX.
>> MY.DSK.BOX and MY.TST.BOX are in the same subnet.
>> The IP/subnet of MY.BR0.BOX is irrelevant because MY.BR0.BOX is invisible
>> to the 'functional' network.
>> Yes, this WORKS (it is working now), and I can not make MY.BR0.BOX visible
>> to the network because of more reasons than I have time to write about. 
>>
>> WHAT I WANT:
>> GOOD packets are allowed to traverse MY.BR0.BOX back and forth without
>> further restrictions.
>> BAD packets to/from MY.DSK.BOX to/from MY.TST.BOX are dropped at
>> MY.BR0.BOX
>> So far I have been able to drop the traffic in only one direction, but not
>> both...   :(
>> Bridge definition below:
>> Thanks!
>> ET 
>>
>> 
>>
>>
>> # This file describes the network interfaces available on your system
>> # and how to activate them. For more information, see interfaces(5).
>> # The loopback network interface
>> auto lo
>> iface lo inet loopback
>> # The primary network interface
>> allow-hotplug eth0
>> # iface eth0 inet dhcp
>> iface eth0 inet manual
>> # The primary network interface
>> allow-hotplug eth1
>> # iface eth1 inet dhcp
>> iface eth1 inet manual
>> # Bridge setup
>> auto br0
>> iface br0 inet dhcp
>>        bridge_ports eth0 eth1
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss 
>>
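
Added example, not part of the thread and not any poster's code: one way to drop traffic for given IP addresses in both directions as it crosses the bridge. On Linux, bridged frames reach iptables only when the `net.bridge.bridge-nf-call-iptables` sysctl is 1, and they pass through the FORWARD chain. The function names and the `APPLY` switch are hypothetical, and the addresses are constructed documentation values.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes br0 bridges eth0 and eth1 as in
# the quoted config; 203.0.113.7 and 198.51.100.0/24 are constructed
# documentation addresses.

NF_SYSCTL=/proc/sys/net/bridge/bridge-nf-call-iptables

# Succeeds only if the kernel hands bridged IPv4 frames to iptables.
# If the file is missing (br_netfilter not loaded) or holds 0, FORWARD rules
# never see traffic crossing br0. The path argument exists for testing.
bridge_nf_enabled() {
    f=${1:-$NF_SYSCTL}
    [ -r "$f" ] && [ "$(cat "$f")" = 1 ]
}

# Print the commands that turn that hand-off on. On older kernels the
# bridge module itself provides the sysctl, so a modprobe failure is tolerated.
bridge_nf_setup() {
    echo "modprobe br_netfilter || true"
    echo "sysctl -w net.bridge.bridge-nf-call-iptables=1"
}

# bridge_block_rules ADDR...
# Bridged packets are forwarded, not delivered to the bridge host, so the
# rules belong in FORWARD. One -s and one -d rule per address covers both
# directions; --physdev-is-bridged leaves routed traffic alone.
bridge_block_rules() {
    for addr in "$@"; do   # reject anything that is not a dotted address/CIDR
        case $addr in ''|*[!0-9./]*) echo "bad address: $addr" >&2; return 1;; esac
    done
    for addr in "$@"; do
        for sel in -s -d; do
            echo "iptables -A FORWARD -m physdev --physdev-is-bridged $sel $addr -j DROP"
        done
    done
}

# Dry run by default; APPLY=1 (as root) pipes the commands to sh instead.
bridge_block() {
    rules=$(bridge_block_rules "$@") || return 1
    { bridge_nf_setup; echo "$rules"; } |
        if [ "${APPLY:-0}" = 1 ]; then sh -e; else cat; fi
}

bridge_block 203.0.113.7 198.51.100.0/24
```

After applying, `bridge_nf_enabled` returning non-zero means the rules are loaded but will never match traffic crossing br0.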

