How to block traffic on a bridge interface?

kitepilot at kitepilot.com
Wed Dec 23 01:20:40 MST 2015


Hello there... 

I have a two-NIC Linux box configured as a bridge 'br0'.
The world comes in via either NIC (eth0 or eth1) and the network is fed via the 
other NIC (eth1 or eth0 depending on the above, should be irrelevant). 

I have a non-trivial question and PLEASE avoid the 'use iptables' answer 
unless you know what rule to apply to which chain and on which interface 
(eth0/eth1/br0). 

The non-trivial question is:
How do I block specific IP addresses/networks from traversing the bridge?
Or in other words:
I want all connections from a particular address/subnet to be DROPped in 
that bridge. 

Neither FORWARD nor INPUT will catch the packet in br0 because it is neither 
addressed to the box nor NAT(ed), and apparently neither eth0 nor eth1 will 
hand packets to netfilter.
Thanks.
ET 

PS: Merry Xmas to all...   :)
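The following is an added example, not part of the original post or a reply to it. It shows two ways a defender can drop a source subnet on a transparent Linux bridge: the iptables FORWARD chain does see bridged frames once the `br_netfilter` module is loaded and `net.bridge.bridge-nf-call-iptables=1` is set, and the `physdev` match then identifies the bridge port the frame entered on; alternatively the nftables `bridge` family hooks the bridge forward path directly without that sysctl. The bridge name br0, the port names eth0/eth1 and the 192.0.2.0/24 subnet (TEST-NET-1) are assumptions chosen to match the post, and the generated commands are only printed unless `APPLY=1` is set, so the script can be reviewed on any machine before being run as root on the bridge.

```shell
#!/bin/sh
# Added example (not from the original post): drop a source subnet that is
# being bridged through br0. Commands are generated, validated and printed;
# set APPLY=1 to execute them (as root, on the bridge host).

# Accept only a dotted-quad IPv4 address with an optional /prefix, so that a
# malformed argument cannot smuggle extra shell words into a generated rule.
valid_cidr() {
    case "$1" in
        ""|*[!0-9./]*|*/*/*|.*|*.|*..*) return 1 ;;
    esac
    ip=${1%%/*}
    prefix=${1#*/}
    [ "$prefix" = "$1" ] && prefix=32        # no "/": a single host
    [ "$prefix" -le 32 ] 2>/dev/null || return 1
    n=0
    old_ifs=$IFS; IFS=.
    for o in $ip; do
        n=$((n + 1))
        [ "$o" -le 255 ] 2>/dev/null || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
    [ "$n" -eq 4 ]
}

# Linux interface names: 1-15 characters, no whitespace or shell metacharacters.
valid_ifname() {
    case "$1" in
        ""|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Approach 1: iptables + br_netfilter. $1 = source CIDR to drop,
# $2 = bridge port the traffic enters on (the "world-facing" NIC).
iptables_rules() {
    valid_cidr "$1"   || { echo "iptables_rules: bad CIDR '$1'" >&2; return 1; }
    valid_ifname "$2" || { echo "iptables_rules: bad interface '$2'" >&2; return 1; }
    printf '%s\n' \
        'modprobe br_netfilter' \
        'sysctl -w net.bridge.bridge-nf-call-iptables=1' \
        "iptables -I FORWARD -m physdev --physdev-in $2 --physdev-is-bridged -s $1 -j DROP"
}

# Approach 2: nftables bridge family, hooking the bridge forward path directly.
nft_rules() {
    valid_cidr "$1"   || { echo "nft_rules: bad CIDR '$1'" >&2; return 1; }
    valid_ifname "$2" || { echo "nft_rules: bad interface '$2'" >&2; return 1; }
    printf '%s\n' \
        'nft add table bridge filter' \
        "nft add chain bridge filter forward '{ type filter hook forward priority 0; policy accept; }'" \
        "nft add rule bridge filter forward iifname \"$2\" ip saddr $1 counter drop"
}

# Print the generated commands, or execute them when APPLY=1.
apply_rules() {
    if [ "${APPLY:-0}" = 1 ]; then sh -e; else cat; fi
}

# Stand-alone use: ./bridge-block.sh 192.0.2.0/24 eth0   (constructed defaults)
iptables_rules "${1:-192.0.2.0/24}" "${2:-eth0}" | apply_rules
```

Pick one approach per host rather than stacking both, and point `--physdev-in` / `iifname` at whichever port faces the blocked source; since the post says either NIC may be the upstream one, that is the only interface-specific decision to make. The sysctl is not persistent across reboots, so on a production bridge it belongs in `/etc/sysctl.d/` alongside a module-load entry for `br_netfilter`.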

