This is an entirely different case, there are '2' interfaces here:
br0 and eth2
And it is logging a 'route'
In my case, there is only 'br0', and I want to drop traffic on the grounds
of specific IP addresses (mainly Eastern Europe and Asia), either in or out
and regardless of the interface.
But from what I see, INPUT and FORWARD will not work, and neither 'ethX' will
ever see the packet because it is handled on the 'br0' stack.
There's gotta be a $%#@ way... :(
But thanks...
ET
PS: ebtables won't work either because it works on MAC addresses.
Think about it...
Michael Butash writes:
I was curious too as usually not ever doing bridging within linux, and not
to be an arse, but googling "iptables bridge filter" for you seemed to
turn up interesting results first:
http://serverfault.com/questions/607224/iptables-matching-packets-for-bridged-interface
I never knew about ebtables myself, so great question nonetheless.
-mb
On 12/23/2015 01:20 AM, [email protected] wrote:
Hello there...
I have a 2-nics Linux box configured as a bridge 'br0'.
World comes in via either nic (eth0 or eth1) and network is fed via the
other nic (eth1 or eth0 depending on above, should be irrelevant).
I have a non trivial question and PLEASE avoid the 'use iptables' answer
unless you know what rule to apply to which chain and on which interface
(eth0/eth1/br0).
Non trivial question is:
How do I block specific IP addresses/networks from traversing the bridge?
Or in other words:
I want all connections from a particular address/subnet to be DROP(ed) in
that bridge.
Neither FORWARD nor INPUT will catch the packet in br0 because it is
neither addressed to the box nor NAT(ed), and apparently neither eth0 nor
eth1 will hand packets to netfilter.
Thanks.
ET
PS: Merry Xmas to all... :)
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
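An added example, not part of the thread and not written by either poster: a POSIX shell helper that prints the rules for dropping a list of IPv4 networks on a bridge, either through the iptables FORWARD chain (assuming the br_netfilter module and its net.bridge.bridge-nf-call-iptables sysctl are available) or through the IPv4 match in ebtables. The function names and the blocklist entries (RFC 5737 documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (does not run) the commands that
# drop listed IPv4 networks on a Linux bridge. Entries are constructed samples.
BLOCKLIST="192.0.2.0/24 198.51.100.7 203.0.113.0/24"

# Accept only dotted-quad IPv4 with an optional /0-32 prefix, so a bad
# blocklist line can never turn into extra shell or rule syntax.
valid_cidr() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    addr=${1%%/*}; len=32
    case $1 in */*) len=${1#*/} ;; esac
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# bridge_block_rules BACKEND CIDR...   BACKEND is iptables or ebtables.
bridge_block_rules() {
    backend=$1; shift
    for net in "$@"; do    # validate everything before emitting anything
        valid_cidr "$net" || { printf 'rejected entry: %s\n' "$net" >&2; return 1; }
    done
    case $backend in
    iptables)
        # br_netfilter hands bridged IPv4 frames to the iptables FORWARD chain.
        echo "modprobe br_netfilter"
        echo "sysctl -w net.bridge.bridge-nf-call-iptables=1"
        for net in "$@"; do
            echo "iptables -I FORWARD -m physdev --physdev-is-bridged -s $net -j DROP"
            echo "iptables -I FORWARD -m physdev --physdev-is-bridged -d $net -j DROP"
        done ;;
    ebtables)
        # ebtables matches the IPv4 header of bridged frames at layer 2.
        for net in "$@"; do
            echo "ebtables -A FORWARD -p IPv4 --ip-src $net -j DROP"
            echo "ebtables -A FORWARD -p IPv4 --ip-dst $net -j DROP"
        done ;;
    *)  echo "usage: bridge_block_rules iptables|ebtables CIDR..." >&2; return 2 ;;
    esac
}

bridge_block_rules iptables $BLOCKLIST
```

Review the printed commands first, then pipe them to `sh` as root on the bridge host.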