Re: [LARTC] blocking traffic on the FORWARD chain using physdev

To:	William Bohannan <WBohannan@spidersat.com.gh>
Subject:	Re: [LARTC] blocking traffic on the FORWARD chain using physdev
From:	Oscar Mechanic <oscar@ufomechanic.net>
Date:	Thu, 14 Dec 2006 12:26:37 +0000
Cc:	lartc@mailman.ds9a.nl
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	lartc-list@securepoint.com
Delivered-to:	lartc@outpost.ds9a.nl
In-reply-to:	<4D411FB02758FE45915E9724339093F6152F0E@intranet.scpl.local>
List-archive:	<http://mailman.ds9a.nl/pipermail/lartc>
List-help:	<mailto:lartc-request@mailman.ds9a.nl?subject=help>
List-id:	"Mailinglist of the Linux Advanced Routing & Traffic Control project" <lartc.mailman.ds9a.nl>
List-post:	<mailto:lartc@mailman.ds9a.nl>
List-subscribe:	<http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=subscribe>
List-unsubscribe:	<http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=unsubscribe>
References:	<4D411FB02758FE45915E9724339093F6152F0E@intranet.scpl.local>
Reply-to:	oscar@ufomechanic.net
Sender:	lartc-bounces@mailman.ds9a.nl

To:

William Bohannan <WBohannan@spidersat.com.gh>

Subject:

Re: [LARTC] blocking traffic on the FORWARD chain using physdev

From:

Oscar Mechanic <oscar@ufomechanic.net>

Date:

Thu, 14 Dec 2006 12:26:37 +0000

Cc:

lartc@mailman.ds9a.nl

Delivered-to:

sp-com-lists@consult.net

Delivered-to:

lartc-list@securepoint.com

Delivered-to:

lartc@outpost.ds9a.nl

In-reply-to:

<4D411FB02758FE45915E9724339093F6152F0E@intranet.scpl.local>

List-archive:

<http://mailman.ds9a.nl/pipermail/lartc>

List-help:

<mailto:lartc-request@mailman.ds9a.nl?subject=help>

List-id:

"Mailinglist of the Linux Advanced Routing & Traffic Control project" <lartc.mailman.ds9a.nl>

List-post:

<mailto:lartc@mailman.ds9a.nl>

List-subscribe:

<http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=subscribe>

List-unsubscribe:

<http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=unsubscribe>

References:

<4D411FB02758FE45915E9724339093F6152F0E@intranet.scpl.local>

Reply-to:

oscar@ufomechanic.net

Sender:

lartc-bounces@mailman.ds9a.nl

Hi

   Physdev may no longer be supported soon something to do with hooks
and how this is difficult to support. I have stopped using it cause I
found some odd behavior in physdev-in, out seemed fine I remember. I use
ebtables and marks for this now.


On Thu, 2006-12-14 at 20:55 +0900, William Bohannan wrote:
> Currently using physdev on a bridge to try and isolate certain paths
> across and to the bridge.  It all works except when trying to stop the
> flow in one direction on the FORWARD chain?? Can someone please help??
> 
> Below is the testing done so far.
> 
> eth1 <---> BRIDGE <---> eth0
> 
> # Block (eth0 ---> eth1) - blocks both directions and not just one?? 
> iptables -A FORWARD -m physdev --physdev-out eth1 -p icmp -j DROP
> 
> # Block (eth0 <--- eth1) - blocks both directions and not just one??
> iptables -A FORWARD -m physdev --physdev-out eth1 -p icmp -j DROP
> 
> # Block (eth0 ---> BRIDGE) - working
> iptables -A INPUT -m physdev --physdev-in eth0 -p icmp -j DROP
> 
> # Block (eth0 <--- BRIDGE) - working
> iptables -A OUTPUT -m physdev --physdev-out eth0 -p icmp -j DROP
>       
> # Block (eth1 ---> BRIDGE) - working
> iptables -A INPUT -m physdev --physdev-in eth1 -p icmp -j DROP
> 
> # Block (eth1 <--- BRIDGE) - working
> iptables -A OUTPUT -m physdev --physdev-out eth1 -p icmp -j DROP
> 
> 
> Kind Regards
> William 
> 
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nlhttp://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

<Prev in Thread]	Current Thread	[Next in Thread>
[LARTC] blocking traffic on the FORWARD chain using physdev, William Bohannan Re: [LARTC] blocking traffic on the FORWARD chain using physdev, Oscar Mechanic <= RE: [LARTC] blocking traffic on the FORWARD chain using physdev, William Bohannan RE: [LARTC] blocking traffic on the FORWARD chain using physdev, Oscar Mechanic RE: [LARTC] blocking traffic on the FORWARD chain using physdev, William Bohannan RE: [LARTC] blocking traffic on the FORWARD chain using physdev, William Bohannan

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: [LARTC] SIP, NAT, and load balancing problems, François Delawarde
Next by Date:	RE: [LARTC] blocking traffic on the FORWARD chain using physdev, William Bohannan
Previous by Thread:	[LARTC] blocking traffic on the FORWARD chain using physdev, William Bohannan
Next by Thread:	RE: [LARTC] blocking traffic on the FORWARD chain using physdev, William Bohannan
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: [LARTC] SIP, NAT, and load balancing problems, François Delawarde

Next by Date:

RE: [LARTC] blocking traffic on the FORWARD chain using physdev, William Bohannan

Previous by Thread:

[LARTC] blocking traffic on the FORWARD chain using physdev, William Bohannan

Next by Thread:

RE: [LARTC] blocking traffic on the FORWARD chain using physdev, William Bohannan

Indexes:

[Date] [Thread] [Top] [All Lists]