I need to block on the grounds of IP address... :(
There will be 'public addresses' traversing this br0.
Thanks!
ET

Mike Ballon writes:
> Have you tried "--mac-source"?
>
> ie: iptables -A INPUT -m mac --mac-source the:mac:address: -j DROP
>
> On Wed, Dec 17, 2014 at 7:48 AM, wrote:
>>
>> Hello World:
>> This is the scenario:
>> MY.DSK.BOX (eth0) <=> (eth?) MY.BR0.BOX (eth?) <=> MY.TST.BOX (eth0)
>> I want to use iptables to stop unwanted traffic from traversing MY.BR0.BOX.
>> MY.DSK.BOX and MY.TST.BOX are in the same subnet.
>> The IP/subnet of MY.BR0.BOX is irrelevant because MY.BR0.BOX is invisible
>> to the 'functional' network.
>> Yes, this WORKS (it is working now), and I can not make MY.BR0.BOX visible
>> to the network because of more reasons than I have time to write about.
>>
>> WHAT I WANT:
>> GOOD packets are allowed to traverse MY.BR0.BOX back and forth without
>> further restrictions.
>> BAD packets to/from MY.DSK.BOX to/from MY.TST.BOX are dropped at
>> MY.BR0.BOX
>> So far I have been able to drop the traffic in only one direction, but not
>> both... :(
>> Bridge definition below:
>> Thanks!
>> ET
>>
>> # This file describes the network interfaces available on your system
>> # and how to activate them. For more information, see interfaces(5).
>> # The loopback network interface
>> auto lo
>> iface lo inet loopback
>> # The primary network interface
>> allow-hotplug eth0
>> # iface eth0 inet dhcp
>> iface eth0 inet manual
>> # The primary network interface
>> allow-hotplug eth1
>> # iface eth1 inet dhcp
>> iface eth1 inet manual
>> # Bridge setup
>> auto br0
>> iface br0 inet dhcp
>>     bridge_ports eth0 eth1
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
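
The goal stated in the thread, dropping packets by IP address in both directions as they cross br0, can be written as iptables rules in the FORWARD chain using the physdev match. The script below is an added example, not code from anyone in the thread; it assumes bridged IPv4 traffic is handed to iptables (`net.bridge.bridge-nf-call-iptables=1`), and the two addresses are constructed documentation addresses.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run: it only prints commands.
# Assumptions: bridged IPv4 traffic is handed to iptables
# (net.bridge.bridge-nf-call-iptables=1); 203.0.113.10 and 198.51.100.7
# are constructed documentation addresses.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rules that drop bridged packets from or to each address given.
# Bridged packets pass through FORWARD, not INPUT. Two rules per address:
# -s matches what the address sends, -d matches what is sent to it, so the
# block holds in both directions across the bridge.
bridge_block_rules() {
    for ip in "$@"; do
        if ! valid_ipv4 "$ip"; then
            echo "invalid IPv4 address: $ip" >&2
            return 1
        fi
        for flag in -s -d; do
            echo "iptables -A FORWARD -m physdev --physdev-is-bridged $flag $ip -j DROP"
        done
    done
}

# Print the setting the rules depend on, then the rules themselves.
echo "sysctl -w net.bridge.bridge-nf-call-iptables=1"
bridge_block_rules 203.0.113.10 198.51.100.7
```

Review the printed commands, then run them as root on the bridge host.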