I was curious too as usually not ever doing bridging within linux, and
not to be an arse, but googling "iptables bridge filter" for you seemed
to turn up interesting results first:
http://serverfault.com/questions/607224/iptables-matching-packets-for-bridged-interface
I never knew about ebtables myself, so great question none the less.
-mb
On 12/23/2015 01:20 AM,
kitepilot@kitepilot.com wrote:
> Hello there...
> I have a 2-nics Linux box configured as a bridge 'br0'.
> World comes in via either nic (eth0 or eth1) and network is fed via
> the other nic (eth1 or eth0 depending on above, should be irrelevant).
> I have a non trivial question and PLEASE avoid the 'use iptables'
> answer unless you know what rule to apply to which chain and on which
> interface (eth0/eth1/br0).
> Non trivial question is:
> How do I block specific IP addresses/networks from traversing the bridge?
> Or in other words:
> I want all connections from a particular address/subnet to be DROP(ed)
> in that bridge.
> Neither FORWARD nor INPUT will catch the packet in br0 because it is
> neither addressed to the box not NAT(ed), and apparently neither eth0
> nor eth1 will hand packets to netfilter.
> Thanks.
> ET
> PS: Merry Xmas to all... :)
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
(text/plain)