[LARTC] blocking traffic on the FORWARD chain using physdev
Oscar Mechanic
oscar at ufomechanic.net
Thu Dec 14 13:26:37 CET 2006
Hi
Physdev may no longer be supported soon, something to do with hooks
and how this is difficult to support. I have stopped using it because I
found some odd behaviour in physdev-in; out seemed fine, I remember. I use
ebtables and marks for this now.
On Thu, 2006-12-14 at 20:55 +0900, William Bohannan wrote:
> Currently using physdev on a bridge to try and isolate certain paths
> across and to the bridge. It all works except when trying to stop the
> flow in one direction on the FORWARD chain?? Can someone please help??
>
> Below is the testing done so far.
>
> eth1 <---> BRIDGE <---> eth0
>
> # Block (eth0 ---> eth1) - blocks both directions and not just one??
> iptables -A FORWARD -m physdev --physdev-out eth1 -p icmp -j DROP
>
> # Block (eth0 <--- eth1) - blocks both directions and not just one??
> iptables -A FORWARD -m physdev --physdev-out eth1 -p icmp -j DROP
>
> # Block (eth0 ---> BRIDGE) - working
> iptables -A INPUT -m physdev --physdev-in eth0 -p icmp -j DROP
>
> # Block (eth0 <--- BRIDGE) - working
> iptables -A OUTPUT -m physdev --physdev-out eth0 -p icmp -j DROP
>
> # Block (eth1 ---> BRIDGE) - working
> iptables -A INPUT -m physdev --physdev-in eth1 -p icmp -j DROP
>
> # Block (eth1 <--- BRIDGE) - working
> iptables -A OUTPUT -m physdev --physdev-out eth1 -p icmp -j DROP
>
>
> Kind Regards
> William
>
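Added example, not part of the thread: a small POSIX shell model of how the quoted FORWARD rule sees a ping on the eth1 <---> BRIDGE <---> eth0 layout. A rule that drops every ICMP packet leaving eth1 also drops the echo-replies of pings started from the eth1 side, which is one way "blocks both directions" can arise; the direction-specific rule at the end (my suggestion, assuming physdev-in behaves, which the reply above says it did not always) narrows the match to echo-requests entering on eth0.

```shell
#!/bin/sh
# Models the physdev match decisions; nothing here calls iptables.
# Bridge layout from the post: eth1 <---> BRIDGE <---> eth0

# Original rule from the post:
#   iptables -A FORWARD -m physdev --physdev-out eth1 -p icmp -j DROP
# Args: in_dev out_dev icmp_type  -> prints DROP or ACCEPT
original_rule() {
    [ "$2" = eth1 ] && echo DROP || echo ACCEPT
}

# Suggested direction-specific rule (assumption: physdev-in is reliable):
#   iptables -A FORWARD -m physdev --physdev-in eth0 --physdev-out eth1 \
#            -p icmp --icmp-type echo-request -j DROP
strict_rule() {
    [ "$1" = eth0 ] && [ "$2" = eth1 ] && [ "$3" = echo-request ] \
        && echo DROP || echo ACCEPT
}

# Simulate one ping across the bridge: the echo-request crosses from_dev
# to to_dev, and the echo-reply crosses back the other way.
# Args: rule_fn from_dev to_dev  -> prints "ok" or "blocked"
ping_result() {
    req=$("$1" "$2" "$3" echo-request)
    rep=$("$1" "$3" "$2" echo-reply)
    if [ "$req" = ACCEPT ] && [ "$rep" = ACCEPT ]; then
        echo ok
    else
        echo blocked
    fi
}

# Print the rule lines to apply by hand (echoed, never executed here).
show_strict_rule() {
    echo "iptables -A FORWARD -m physdev --physdev-in eth0 --physdev-out eth1 -p icmp --icmp-type echo-request -j DROP"
}

for rule in original_rule strict_rule; do
    echo "$rule: eth0->eth1 ping $(ping_result "$rule" eth0 eth1)," \
         "eth1->eth0 ping $(ping_result "$rule" eth1 eth0)"
done
show_strict_rule
```

With the original rule both pings report blocked, because the reply of the eth1-originated ping is ICMP leaving eth1; with the strict rule only the eth0-originated ping is blocked.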