Re: How do I block (iptables) traffic on a #$%@ING bridge (b…

Author: kitepilot@kitepilot.com
Date:  
To: Main PLUG discussion list
Subject: Re: How do I block (iptables) traffic on a #$%@ING bridge (br0)
> Could you provide a sample of your rules?
# iptables -t filter -A FORWARD -d MY.DSK.BOX -j DROP
# iptables -t filter -A FORWARD -s MY.DSK.BOX -j DROP


> Are you dropping in and outbound traffic?

That's what I want to do! :)


> Are you using br0 as a vpn server and encrypting the traffic?

No.


> Are you using policy based routing? Etc.

No.



> More information is always better :)
Agree!!!



This is a brain-dead test to stop traffic between (to and from) MY.DSK.BOX
and MY.TST.BOX using MY.BR0.BOX as a transparent bridge.
MY.BR0.BOX will not even be (when deployed) in the same subnet as MY.DSK.BOX
and MY.TST.BOX.
Thanks!
ET




> On Dec 17, 2014 6:37 AM, "Mike Ballon" <> wrote:
>
>> Have you tried "--mac-source"?
>>
>> i.e.: iptables -A INPUT -m mac --mac-source the:mac:address: -j DROP
>>
>> On Wed, Dec 17, 2014 at 7:48 AM, <> wrote:
>>>
>>> Hello World:
>>> This is the scenario:
>>> MY.DSK.BOX (eth0) <=> (eth?) MY.BR0.BOX (eth?) <=> MY.TST.BOX (eth0)
>>> I want to use iptables to stop unwanted traffic from traversing MY.BR0.BOX.
>>> MY.DSK.BOX and MY.TST.BOX are in the same subnet.
>>> The IP/subnet of MY.BR0.BOX is irrelevant because MY.BR0.BOX is invisible
>>> to the 'functional' network.
>>> Yes, this WORKS (it is working now), and I cannot make MY.BR0.BOX
>>> visible to the network because of more reasons that I have time to write
>>> about.
>>>
>>> WHAT I WANT:
>>> GOOD packets are allowed to traverse MY.BR0.BOX back and forth without
>>> further restrictions.
>>> BAD packets to/from MY.DSK.BOX to/from MY.TST.BOX are dropped at
>>> MY.BR0.BOX
>>> So far I have been able to drop the traffic in only one direction, but
>>> not both... :(
>>> Bridge definition below:
>>> Thanks!
>>> ET
>>>
>>>
>>>
>>>
>>> # This file describes the network interfaces available on your system
>>> # and how to activate them. For more information, see interfaces(5).
>>> # The loopback network interface
>>> auto lo
>>> iface lo inet loopback
>>> # The primary network interface
>>> allow-hotplug eth0
>>> # iface eth0 inet dhcp
>>> iface eth0 inet manual
>>> # The primary network interface
>>> allow-hotplug eth1
>>> # iface eth1 inet dhcp
>>> iface eth1 inet manual
>>> # Bridge setup
>>> auto br0
>>> iface br0 inet dhcp
>>>        bridge_ports eth0 eth1
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - 
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss 


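A symmetric version of the two FORWARD rules in ET's reply, scoped to the br0 bridge from the quoted interfaces file, as an added example that is not part of the thread or the list's own material. It assumes the bridge is named br0 and that the two host addresses are passed in as arguments (192.0.2.10 and 192.0.2.20 in the usage below are constructed placeholders for MY.DSK.BOX and MY.TST.BOX); enable_bridge_netfilter, rules_for_pair, block_pair and show_rules are names introduced here.

```shell
#!/bin/sh
# Added example for the PLUG thread above; not ET's or the list's own script.
# Assumptions: the transparent bridge is br0 (ports eth0/eth1 as in the quoted
# interfaces file) and the two host addresses are given on the command line.
set -eu

# Bridged frames are only handed to the iptables FORWARD chain when the
# bridge netfilter hook is active (sysctl net.bridge.bridge-nf-call-iptables=1).
# Without it, -s/-d FORWARD rules on a bridge box silently match nothing.
enable_bridge_netfilter() {
    modprobe br_netfilter 2>/dev/null || true   # part of the bridge module on older kernels
    sysctl -w net.bridge.bridge-nf-call-iptables=1
}

# Print the two FORWARD rules that drop traffic between $1 and $2 in both
# directions. --physdev-is-bridged restricts the match to frames crossing
# the bridge, so routed traffic through the same box is unaffected.
rules_for_pair() {
    printf 'iptables -t filter -A FORWARD -m physdev --physdev-is-bridged -s %s -d %s -j DROP\n' "$1" "$2"
    printf 'iptables -t filter -A FORWARD -m physdev --physdev-is-bridged -s %s -d %s -j DROP\n' "$2" "$1"
}

# Apply both rules idempotently: iptables -C tests for an existing identical
# rule, so re-running the script never appends duplicates. The rule strings
# contain only simple tokens (no spaces inside values), so unquoted expansion
# is safe here.
block_pair() {
    rules_for_pair "$1" "$2" | while read -r rule; do
        check=$(printf '%s' "$rule" | sed 's/ -A FORWARD / -C FORWARD /')
        if ! $check 2>/dev/null; then
            $rule
        fi
    done
}

# Per-rule packet counters: after traffic is sent each way, both DROP rules
# should show non-zero counts, which confirms the bridge box sees both sides.
show_rules() {
    iptables -t filter -L FORWARD -n -v --line-numbers
}

# Usage (as root on the bridge box): ./bridge-block.sh apply 192.0.2.10 192.0.2.20
if [ "${1-}" = "apply" ] && [ $# -eq 3 ]; then
    enable_bridge_netfilter
    block_pair "$2" "$3"
    show_rules
fi
```

If the counters stay at zero with the sysctl set, check that the bridge is really br0 and that no earlier ACCEPT rule in FORWARD matches first.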