Could you provide a sample of your rules?
# iptables -t filter -A FORWARD -d MY.DSK.BOX -j DROP
# iptables -t filter -A FORWARD -s MY.DSK.BOX -j DROP
Are you dropping in and outbound traffic?
That's what I want to do! :)
Are you using bro as a vpn server and encrypting the traffic?
No.
Are you using policy based routing? Etc.
No.
More information is always better :)
Agree!!!
This is a brain-dead test to stop traffic between (to and from) MY.DSK.BOX
and MY.TST.BOX using MY.BR0.BOX as a transparent bridge.
MY.BR0.BOX will not even be (when deployed) in the same subnet as MY.DSK.BOX
and MY.TST.BOX.
Thanks!
ET
On Dec 17, 2014 6:37 AM, "Mike Ballon" <[email protected]> wrote:
Have you tried "--mac-source"?
i.e.: iptables -A INPUT -m mac --mac-source the:mac:address: -j DROP
On Wed, Dec 17, 2014 at 7:48 AM, <[email protected]> wrote:
Hello World:
This is the scenario:
MY.DSK.BOX (eth0) <=> (eth?) MY.BR0.BOX (eth?) <=> MY.TST.BOX (eth0)
I want to use iptables to stop unwanted traffic from traversing MY.BR0.BOX.
MY.DSK.BOX and MY.TST.BOX are in the same subnet.
The IP/subnet of MY.BR0.BOX is irrelevant because MY.BR0.BOX is invisible
to the 'functional' network.
Yes, this WORKS (it is working now), and I cannot make MY.BR0.BOX
visible to the network for more reasons than I have time to write
about.
WHAT I WANT:
GOOD packets are allowed to traverse MY.BR0.BOX back and forth without
further restrictions.
BAD packets to/from MY.DSK.BOX to/from MY.TST.BOX are dropped at
MY.BR0.BOX
So far I have been able to drop the traffic in only one direction, but
not both... :(
Bridge definition below:
Thanks!
ET
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
# iface eth0 inet dhcp
iface eth0 inet manual
# The secondary network interface (other side of the bridge)
allow-hotplug eth1
# iface eth1 inet dhcp
iface eth1 inet manual
# Bridge setup
auto br0
iface br0 inet dhcp
bridge_ports eth0 eth1
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
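An added worked example for the scenario in this thread (not code posted by ET or Mike): a small POSIX sh script that prints the rules needed to drop IPv4 traffic between two bridged hosts in both directions, plus the two MAC-based rules Mike's --mac-source suggestion would need. It prints the iptables commands instead of running them so they can be reviewed before being piped to a root shell. Two things it assumes that the thread does not state: the host addresses and MACs are constructed placeholders, and the prerequisite that bridged frames reach the iptables FORWARD chain only when the br_netfilter module is loaded and net.bridge.bridge-nf-call-iptables is 1 (otherwise only ebtables sees them). The -m physdev --physdev-is-bridged match limits the rules to frames actually crossing the bridge.

```shell
#!/bin/sh
# Added example, not from the thread: generate (do not apply) iptables rules
# that block all IPv4 traffic between two hosts on a transparent bridge in
# BOTH directions.  Addresses and MACs used below are constructed placeholders.
#
# Usage:  sh bridge-filter.sh 192.0.2.10 192.0.2.20            (review)
#         sh bridge-filter.sh 192.0.2.10 192.0.2.20 | sudo sh  (apply)

# Commands that make bridged frames traverse the iptables FORWARD chain.
# Without br_netfilter the bridge forwards at layer 2 and iptables never
# sees the frames, whichever direction they travel.
bridge_nf_prereqs() {
    printf '%s\n' \
        'modprobe br_netfilter' \
        'sysctl -w net.bridge.bridge-nf-call-iptables=1'
}

# FORWARD rules dropping bridged frames between $1 and $2, one rule per
# direction.  --physdev-is-bridged restricts the match to frames crossing
# the bridge, leaving any routed traffic through the box untouched.
bridge_drop_pair() {
    a="$1"; b="$2"
    printf '%s\n' \
        "iptables -t filter -I FORWARD -m physdev --physdev-is-bridged -s $a -d $b -j DROP" \
        "iptables -t filter -I FORWARD -m physdev --physdev-is-bridged -s $b -d $a -j DROP"
}

# Layer-2 variant of the same block using the mac match.  The iptables mac
# match only has --mac-source (no destination form), so blocking the pair
# in both directions means one rule per host MAC, not one rule per pair.
bridge_drop_by_mac() {
    printf '%s\n' \
        "iptables -t filter -I FORWARD -m physdev --physdev-is-bridged -m mac --mac-source $1 -j DROP" \
        "iptables -t filter -I FORWARD -m physdev --physdev-is-bridged -m mac --mac-source $2 -j DROP"
}

# Self-check helper: number of DROP rules emitted for a pair; must be 2,
# one for each direction.
count_directions() {
    bridge_drop_pair "$1" "$2" | grep -c -- '-j DROP'
}

# Only emit a full ruleset when two addresses are supplied on the command line.
if [ "$#" -eq 2 ]; then
    bridge_nf_prereqs
    bridge_drop_pair "$1" "$2"
fi
```

The generated ruleset can be verified after applying it with `iptables -t filter -L FORWARD -v -n`, which shows per-rule packet counters; if the counters for both rules stay at zero while traffic still crosses the bridge, the frames are not reaching iptables and the sysctl/module step above is the first thing to check.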