This is an entirely different case, there are '2' interfaces here:
br0 and eth2
And it is logging a 'route'
In my case, there is only 'br0', and I want to drop traffic on the grounds of IP specific addresses (mainly Eastern Europe and Asia), either in or out and regardless of the interface,
But from what I see, INPUT and FORWARD will not work and neither 'ethX' will ever see the packet because it is handled on the 'br0' stack.
There's gotta be a $%#@ way... :(
But thanks...
ET
PS: ebtables won't work either because it works on MAC addresses.
Think about it...

Michael Butash writes:

> I was curious too as usually not ever doing bridging within linux, and not
> to be an arse, but googling "iptables bridge filter" for you seemed to
> turn up interesting results first:
>
> http://serverfault.com/questions/607224/iptables-matching-packets-for-bridged-interface
>
> I never knew about ebtables myself, so great question nonetheless.
>
> -mb
>
> On 12/23/2015 01:20 AM, kitepilot@kitepilot.com wrote:
>> Hello there...
>> I have a 2-nics Linux box configured as a bridge 'br0'.
>> World comes in via either nic (eth0 or eth1) and network is fed via the
>> other nic (eth1 or eth0 depending on above, should be irrelevant).
>> I have a non trivial question and PLEASE avoid the 'use iptables' answer
>> unless you know what rule to apply to which chain and on which interface
>> (eth0/eth1/br0).
>> Non trivial question is:
>> How do I block specific IP addresses/networks from traversing the bridge?
>> Or in other words:
>> I want all connections from a particular address/subnet to be DROP(ed) in
>> that bridge.
>> Neither FORWARD nor INPUT will catch the packet in br0 because it is
>> neither addressed to the box nor NAT(ed), and apparently neither eth0 nor
>> eth1 will hand packets to netfilter.
>> Thanks.
>> ET
>> PS: Merry Xmas to all... :)
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss