Could you provide a sample of your rules? Are you dropping in and outbound traffic? Are you using bro as a vpn server and encrypting the traffic? Are you using policy based routing? Etc. More information is always better :)

On Dec 17, 2014 6:37 AM, "Mike Ballon" wrote:
> Have you tried "--mac-source"?
>
> ie: iptables -A INPUT -m mac --mac-source the:mac:address: -j DROP
>
> On Wed, Dec 17, 2014 at 7:48 AM, wrote:
>>
>> Hello World:
>> This is the scenario:
>> MY.DSK.BOX (eth0) <=> (eth?) MY.BR0.BOX (eth?) <=> MY.TST.BOX (eth0)
>> I want to use iptables to stop unwanted traffic to traverse MY.BR0.BOX.
>> MY.DSK.BOX and MY.TST.BOX are in the same subnet.
>> The IP/subnet of MY.BR0.BOX is irrelevant because MY.BR0.BOX is invisible
>> to the 'functional' network.
>> Yes, this WORKS (it is working now), and I can not make MY.BR0.BOX
>> visible to the network because of more reasons than I have time to write
>> about.
>>
>> WHAT I WANT:
>> GOOD packets are allowed to traverse MY.BR0.BOX back and forth without
>> further restrictions.
>> BAD packets to/from MY.DSK.BOX to/from MY.TST.BOX are dropped at
>> MY.BR0.BOX
>> So far I have been able to drop the traffic in only one direction, but
>> not both... :(
>> Bridge definition below:
>> Thanks!
>> ET
>>
>> # This file describes the network interfaces available on your system
>> # and how to activate them. For more information, see interfaces(5).
>> # The loopback network interface
>> auto lo
>> iface lo inet loopback
>> # The primary network interface
>> allow-hotplug eth0
>> # iface eth0 inet dhcp
>> iface eth0 inet manual
>> # The primary network interface
>> allow-hotplug eth1
>> # iface eth1 inet dhcp
>> iface eth1 inet manual
>> # Bridge setup
>> auto br0
>> iface br0 inet dhcp
>>     bridge_ports eth0 eth1
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss