[LARTC] blocking traffic on the FORWARD chain using physdev

To:	<lartc@mailman.ds9a.nl>
Subject:	[LARTC] blocking traffic on the FORWARD chain using physdev
From:	"William Bohannan" <WBohannan@spidersat.com.gh>
Date:	Thu, 14 Dec 2006 20:55:22 +0900
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	lartc-list@securepoint.com
Delivered-to:	lartc@outpost.ds9a.nl
List-archive:	<http://mailman.ds9a.nl/pipermail/lartc>
List-help:	<mailto:lartc-request@mailman.ds9a.nl?subject=help>
List-id:	"Mailinglist of the Linux Advanced Routing & Traffic Control project" <lartc.mailman.ds9a.nl>
List-post:	<mailto:lartc@mailman.ds9a.nl>
List-subscribe:	<http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=subscribe>
List-unsubscribe:	<http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=unsubscribe>
Sender:	lartc-bounces@mailman.ds9a.nl
Thread-index:	AccfdrwnTmltbKI6TwCaIBD6tUsqRw==
Thread-topic:	blocking traffic on the FORWARD chain using physdev

Currently using physdev on a bridge to try and isolate certain paths
across and to the bridge.  It all works except when trying to stop the
flow in one direction on the FORWARD chain?? Can someone please help??

Below is the testing done so far.

eth1 <---> BRIDGE <---> eth0

# Block (eth0 ---> eth1) - blocks both directions and not just one?? 
iptables -A FORWARD -m physdev --physdev-out eth1 -p icmp -j DROP

# Block (eth0 <--- eth1) - blocks both directions and not just one??
iptables -A FORWARD -m physdev --physdev-out eth1 -p icmp -j DROP

# Block (eth0 ---> BRIDGE) - working
iptables -A INPUT -m physdev --physdev-in eth0 -p icmp -j DROP

# Block (eth0 <--- BRIDGE) - working
iptables -A OUTPUT -m physdev --physdev-out eth0 -p icmp -j DROP
        
# Block (eth1 ---> BRIDGE) - working
iptables -A INPUT -m physdev --physdev-in eth1 -p icmp -j DROP

# Block (eth1 <--- BRIDGE) - working
iptables -A OUTPUT -m physdev --physdev-out eth1 -p icmp -j DROP


Kind Regards
William 

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

<Prev in Thread]	Current Thread	[Next in Thread>
[LARTC] blocking traffic on the FORWARD chain using physdev, William Bohannan <= Re: [LARTC] blocking traffic on the FORWARD chain using physdev, Oscar Mechanic RE: [LARTC] blocking traffic on the FORWARD chain using physdev, William Bohannan RE: [LARTC] blocking traffic on the FORWARD chain using physdev, Oscar Mechanic RE: [LARTC] blocking traffic on the FORWARD chain using physdev, William Bohannan RE: [LARTC] blocking traffic on the FORWARD chain using physdev, William Bohannan

Previous by Date:	Re: [LARTC] SIP, NAT, and load balancing problems, François Delawarde
Next by Date:	Re: [LARTC] SIP, NAT, and load balancing problems, François Delawarde
Previous by Thread:	Re: [LARTC][RESOLVED] Layer7 module doesn't detect nothing on my bridge with a 2.6.18.3 kernel, Sébastien CRAMATTE
Next by Thread:	Re: [LARTC] blocking traffic on the FORWARD chain using physdev, Oscar Mechanic
Indexes:	[Date] [Thread] [Top] [All Lists]