Well...
This seems to work:
iptables -t raw -A PREROUTING -d 172.27.0.111 -j DROP
iptables -t raw -A PREROUTING -s 172.27.0.111 -j DROP
So far...
ET

kitepilot@kitepilot.com writes:

> I did not however know about '-m physdev --physdev-in'
> That may be the ticket! 8-)
> Will report...
> ET
>
>
> Michael Butash writes:
>
>> I was curious too as usually not ever doing bridging within linux, and
>> not to be an arse, but googling "iptables bridge filter" for you seemed
>> to turn up interesting results first:
>>
>> http://serverfault.com/questions/607224/iptables-matching-packets-for-bridged-interface
>>
>> I never knew about ebtables myself, so great question nonetheless.
>>
>> -mb
>>
>>
>>
>> On 12/23/2015 01:20 AM, kitepilot@kitepilot.com wrote:
>>> Hello there...
>>> I have a 2-nics Linux box configured as a bridge 'br0'.
>>> World comes in via either nic (eth0 or eth1) and network is fed via the
>>> other nic (eth1 or eth0 depending on above, should be irrelevant).
>>> I have a non trivial question and PLEASE avoid the 'use iptables' answer
>>> unless you know what rule to apply to which chain and on which interface
>>> (eth0/eth1/br0).
>>> Non trivial question is:
>>> How do I block specific IP addresses/networks from traversing the
>>> bridge?
>>> Or in other words:
>>> I want all connections from a particular address/subnet to be DROP(ed)
>>> in that bridge.
>>> Neither FORWARD nor INPUT will catch the packet in br0 because it is
>>> neither addressed to the box nor NAT(ed), and apparently neither eth0
>>> nor eth1 will hand packets to netfilter.
>>> Thanks.
>>> ET
>>> PS: Merry Xmas to all... :)
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
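
Added example, not written by anyone in the thread: a dry-run script that emits the raw PREROUTING rules from the top reply for each blocklist entry, or the equivalent ebtables FORWARD rules when bridged frames are not being handed to iptables. It assumes iptables only sees bridged traffic when net.bridge.bridge-nf-call-iptables is 1; the function names, the APPLY and BRIDGE_NF variables, and the 192.0.2.0/24 entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints DROP rules for a bridge blocklist; runs them only if APPLY=1.
# BRIDGE_NF is the sysctl file exposed by br_netfilter (path overridable for testing).
BRIDGE_NF="${BRIDGE_NF:-/proc/sys/net/bridge/bridge-nf-call-iptables}"

# iptables only sees bridged frames when bridge-nf-call-iptables is 1;
# otherwise filter at layer 2 with ebtables.
bridge_backend() {
    if [ -r "$BRIDGE_NF" ] && [ "$(cat "$BRIDGE_NF")" = "1" ]; then
        echo iptables
    else
        echo ebtables
    fi
}

# Accept only a dotted-quad shape with optional /prefix, so nothing else
# can reach the command line that block_all executes.
valid_target() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Emit both directions (source and destination) for one address or subnet.
rules_for() {
    backend="$1"; target="$2"
    valid_target "$target" || { echo "skip invalid: $target" >&2; return 1; }
    if [ "$backend" = iptables ]; then
        echo "iptables -t raw -A PREROUTING -s $target -j DROP"
        echo "iptables -t raw -A PREROUTING -d $target -j DROP"
    else
        echo "ebtables -A FORWARD -p IPv4 --ip-src $target -j DROP"
        echo "ebtables -A FORWARD -p IPv4 --ip-dst $target -j DROP"
    fi
}

block_all() {
    backend="$(bridge_backend)"
    for t in "$@"; do
        rules_for "$backend" "$t" | while read -r cmd; do
            if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "$cmd"; fi
        done
    done
}

# Constructed sample blocklist: the address from the thread plus a documentation subnet.
block_all 172.27.0.111 192.0.2.0/24
```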