I did not however know about '-m physdev --physdev-in'
That may be the ticket! 8-)
Will report...
ET

Michael Butash writes:

> I was curious too as usually not ever doing bridging within linux, and not
> to be an arse, but googling "iptables bridge filter" for you seemed to
> turn up interesting results first:
>
> http://serverfault.com/questions/607224/iptables-matching-packets-for-bridged-interface
>
> I never knew about ebtables myself, so great question nonetheless.
>
> -mb
>
> On 12/23/2015 01:20 AM, kitepilot@kitepilot.com wrote:
>> Hello there...
>> I have a 2-nics Linux box configured as a bridge 'br0'.
>> World comes in via either nic (eth0 or eth1) and network is fed via the
>> other nic (eth1 or eth0 depending on above, should be irrelevant).
>> I have a non trivial question and PLEASE avoid the 'use iptables' answer
>> unless you know what rule to apply to which chain and on which interface
>> (eth0/eth1/br0).
>> Non trivial question is:
>> How do I block specific IP addresses/networks from traversing the bridge?
>> Or in other words:
>> I want all connections from a particular address/subnet to be DROP(ed) in
>> that bridge.
>> Neither FORWARD nor INPUT will catch the packet in br0 because it is
>> neither addressed to the box nor NAT(ed), and apparently neither eth0 nor
>> eth1 will hand packets to netfilter.
>> Thanks.
>> ET
>> PS: Merry Xmas to all... :)
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
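
The two approaches this thread points to (the iptables `physdev` match and ebtables), written out as an added example that is not part of the original messages. The script only prints the commands; the function names, the network 203.0.113.0/24 and the port eth0 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (does not run) rules that drop a
# source network crossing a Linux bridge. Addresses and ports are constructed.

# Accept only a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_src() {
    case $1 in ''|*[!0-9./]*|.*|*..*|*./*|*.|*/*/*) return 1;; esac
    addr=${1%/*}; len=${1#*/}
    if [ "$len" = "$1" ]; then len=32; fi
    case $len in ''|*[!0-9]*|???*) return 1;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet; do
        case $octet in ''|????*) return 1;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Reject anything that is not a plain interface name.
valid_port() {
    case $1 in ''|*[!A-Za-z0-9_.-]*) return 1;; esac
}

# iptables variant. $1 = source address/CIDR, $2 = bridge port the traffic enters on.
bridge_drop_rules() {
    src=$1; port=$2
    { valid_src "$src" && valid_port "$port"; } || { echo "bad argument" >&2; return 1; }
    # Bridged IPv4 frames reach iptables only with br_netfilter loaded and this sysctl set to 1.
    echo "modprobe br_netfilter"
    echo "sysctl -w net.bridge.bridge-nf-call-iptables=1"
    # The frame is seen in FORWARD; physdev matches the real port behind br0.
    echo "iptables -I FORWARD -m physdev --physdev-in $port -s $src -j DROP"
}

# ebtables variant: same policy at layer 2, without the two preparation steps.
bridge_drop_rules_ebtables() {
    src=$1; port=$2
    { valid_src "$src" && valid_port "$port"; } || { echo "bad argument" >&2; return 1; }
    echo "ebtables -A FORWARD -i $port -p IPv4 --ip-src $src -j DROP"
}

# Constructed sample: block 203.0.113.0/24 arriving on eth0.
bridge_drop_rules 203.0.113.0/24 eth0
bridge_drop_rules_ebtables 203.0.113.0/24 eth0
```

Review the printed commands before running them as root, and use one variant or the other rather than both.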