[LARTC] blocking traffic on the FORWARD chain using physdev

William Bohannan WBohannan at spidersat.com.gh
Thu Dec 14 12:55:22 CET 2006


Currently using physdev on a bridge to try and isolate certain paths
across and to the bridge. It all works except when trying to stop the
flow in one direction on the FORWARD chain. Can someone please help?

Below is the testing done so far.

eth1 <---> BRIDGE <---> eth0

# Block (eth0 ---> eth1) - blocks both directions and not just one?
iptables -A FORWARD -m physdev --physdev-out eth1 -p icmp -j DROP

# Block (eth0 <--- eth1) - blocks both directions and not just one?
iptables -A FORWARD -m physdev --physdev-out eth0 -p icmp -j DROP

# Block (eth0 ---> BRIDGE) - working
iptables -A INPUT -m physdev --physdev-in eth0 -p icmp -j DROP

# Block (eth0 <--- BRIDGE) - working
iptables -A OUTPUT -m physdev --physdev-out eth0 -p icmp -j DROP
	
# Block (eth1 ---> BRIDGE) - working
iptables -A INPUT -m physdev --physdev-in eth1 -p icmp -j DROP

# Block (eth1 <--- BRIDGE) - working
iptables -A OUTPUT -m physdev --physdev-out eth1 -p icmp -j DROP


Kind Regards
William 
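Added example (mine, not part of William's post or of any LARTC reply): a POSIX shell script that shows why a plain `-p icmp --physdev-out eth1` rule stops pings in both directions, and how to confine the block to one direction by matching only echo requests on a single in/out port pair (or only NEW connections via conntrack). It assumes the bridge ports eth0 and eth1 from the post; the helper names (`run`, `block_ping_one_way`, `block_new_one_way`, `block_all_icmp_out`) are my own, and commands are printed rather than applied unless `DRY_RUN=0` is set and the script runs as root on the bridge.

```shell
#!/bin/sh
# Added example (not from the original post): one-directional ICMP filtering
# across a Linux bridge with the physdev match.
#
# Why the post's rule stops pings both ways: "-p icmp --physdev-out eth1"
# drops every ICMP packet bridged out eth1, which includes the echo *replies*
# to pings started from the eth1 side. Restricting the match to echo-request
# on a single in/out interface pair (or to NEW connections via conntrack)
# drops only traffic that originates on one side.
#
# Assumptions: bridge ports eth0 and eth1 as in the post; commands are
# printed rather than applied unless DRY_RUN=0 (needs root on the bridge).
set -eu

DRY_RUN="${DRY_RUN:-1}"

# Print the command (default) or execute it (DRY_RUN=0).
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# physdev matching in FORWARD only sees bridged frames once bridge-nf hands
# them to iptables. The module is called br_netfilter on current kernels.
enable_bridge_nf() {
    run modprobe br_netfilter
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
}

# Drop only echo requests entering on $1 and leaving on $2: hosts behind $1
# cannot ping hosts behind $2, but pings from the $2 side keep working,
# because their echo replies (which also cross $1 -> $2) are not matched.
block_ping_one_way() {
    run iptables -A FORWARD -m physdev --physdev-in "$1" --physdev-out "$2" \
        -p icmp --icmp-type echo-request -j DROP
}

# Same idea for any protocol: drop connections *initiated* from $1 toward $2
# while replies to connections opened from the $2 side still pass.
block_new_one_way() {
    run iptables -A FORWARD -m physdev --physdev-in "$1" --physdev-out "$2" \
        -m conntrack --ctstate NEW -j DROP
}

# The post's original rule, for comparison: requests and replies bridged out
# $1 are dropped alike, so pings fail in both directions.
block_all_icmp_out() {
    run iptables -A FORWARD -m physdev --physdev-out "$1" -p icmp -j DROP
}

main() {
    enable_bridge_nf
    block_ping_one_way eth0 eth1   # eth0 side cannot ping the eth1 side
    block_new_one_way eth0 eth1    # eth0 side cannot open sessions to the eth1 side
}

main
```

Run it as-is to see the rule set it would install; `DRY_RUN=0 sh bridge-oneway.sh` as root applies it. Note that `--physdev-out` in FORWARD relies on the bridge code calling into iptables (bridge-nf-call-iptables), so if the one-way rule never matches, check that sysctl first.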
