Hi,
>> An alternative approach might be to turn off learning and discovery on the
>> interface and add MAC addresses that are allowed to communicate statically.
As a matter of fact I can add MACs supposed to be reached from each interface
of the bridge, at the same time I update Bridge Rules. But this wouldn't be a
(source-)MAC based filter any more!
I intend to switch the traffic originating from "unknown" MACs to a "quarantine"
subnet, connected to a third interface member of the bridge.
I---------I        I------------I          I------------------I
I   LAN   I--------I   Bridge   I----------I Protected subnet I
I---------I        I------------I          I------------------I
                         I
                         I
                         I
                   I------------I
                   I quarantine I
                   I   subnet   I
                   I------------I
I don't think your proposal would help.
I suppose I have to have a look at other Bridge implementations!
Regards,
Amir
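
Added example, not part of the original message or of any bridge implementation: a simplified Python model of the two policies discussed in this thread, a static destination table with learning and discovery off versus a source-MAC filter that switches unknown senders to the quarantine port. The port names, function names and MAC addresses are assumptions made up for the illustration.

```python
# Simplified three-port bridge model. All names and MAC addresses are
# constructed for illustration (00:00:5e:00:53:xx is the documentation range).

# Static forwarding table: destination MAC -> port it is reachable on.
STATIC_FDB = {
    "00:00:5e:00:53:01": "lan",        # registered workstation
    "00:00:5e:00:53:10": "protected",  # server in the protected subnet
}
# Source MACs allowed to enter from the LAN side.
ALLOWED_SRC = {"00:00:5e:00:53:01"}


def forward_static(frame, fdb=STATIC_FDB):
    """Learning and discovery off, static entries only.

    The egress port depends on the destination MAC alone; a frame for a
    destination without a static entry is dropped (None).
    """
    return fdb.get(frame["dst"])


def forward_source_filter(frame, allowed=ALLOWED_SRC, fdb=STATIC_FDB):
    """Source-MAC policy: LAN frames from an unlisted source are switched
    to the quarantine port; everything else follows the forwarding table."""
    if frame["in_port"] == "lan" and frame["src"] not in allowed:
        return "quarantine"
    return fdb.get(frame["dst"])


def compare(frames):
    """Return (src, static decision, source-filter decision) per frame."""
    return [(f["src"], forward_static(f), forward_source_filter(f)) for f in frames]


# Constructed sample traffic: one registered and one unknown LAN sender,
# both addressing the protected server.
SAMPLE = [
    {"in_port": "lan", "src": "00:00:5e:00:53:01", "dst": "00:00:5e:00:53:10"},
    {"in_port": "lan", "src": "00:00:5e:00:53:99", "dst": "00:00:5e:00:53:10"},
]

if __name__ == "__main__":
    for src, static_out, filtered_out in compare(SAMPLE):
        print(f"{src}: static table -> {static_out}, source filter -> {filtered_out}")
```

In this model the static table sends both frames to the protected port, because it never looks at the source address; only the source filter diverts the unknown sender to quarantine.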