Running Slackware 9 (kernel 2.4.20) patched with
bridge-nf-0.0.10-against-2.4.20.diff and ebtables 2.0.4. Firewalled
bridge has been running fine for over a month, I have certain ports
blocked and it has been working as expected thus far.
Now, I want to block certain ports going one direction. I.e., if a
packet comes in on one interface, forward it. If it comes in another
interface, drop it.
Googling, I found many many examples of this, for example:
iptables -A FORWARD --in-interface eth1 --out-interface eth0 -p tcp --dport 8080 -j LOG
iptables -A FORWARD --in-interface eth1 --out-interface eth0 -p tcp --dport 8080 -j REJECT
I can type these commands in without error, but the rules have no
effect. No packets match the rules and they all get forwarded without
logging.
The exact same iptables command without specifying the interfaces
works fine (though of course it blocks both directions).
So... what's the deal?? Help!!
Additional info:
root@abc:/# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000bcd4ee2aa yes eth0
eth1
root@abc:/# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
LOG tcp -- anywhere anywhere tcp dpt:8080 LOG level warning
REJECT tcp -- anywhere anywhere tcp dpt:8080 reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
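The reason `--in-interface eth1` never matches on a bridged path is that, with bridge-nf, iptables sees the bridge device (br0) as both the in and out interface of a forwarded packet; the physical ports only exist at the bridge layer. The match that exposes the bridge port to iptables is `-m physdev --physdev-in <port>`. The script below is an added example, not code from the original post: it assumes a two-port bridge named br0 with eth1 as the side whose traffic should be blocked, and that the iptables build in use includes the physdev match (check with `iptables -m physdev --help`). On a two-port bridge the inbound port alone fixes the direction, so `--physdev-out` is not needed.

```shell
#!/bin/sh
# Added example: directional filtering on a Linux bridge firewall.
# Rules keyed on -i/-o eth1/eth0 never match bridged traffic, because
# iptables only ever sees the bridge device; use the physdev match instead.
#
# Assumptions (not from the original post): bridge br0, "inside" port eth1,
# blocked TCP port 8080, physdev match available in this iptables build.

BRIDGE_DEV=${BRIDGE_DEV:-br0}
INSIDE_PORT=${INSIDE_PORT:-eth1}
BLOCKED_TCP_PORT=${BLOCKED_TCP_PORT:-8080}

# IPT is the command used to install rules. Set IPT=echo to preview the
# exact rules without touching the running firewall.
IPT=${IPT:-iptables}

# add_directional_block PORT_IN DPORT BRIDGE
# Log and reject TCP traffic to DPORT only when it entered the bridge via
# PORT_IN; traffic arriving on any other bridge port is untouched.
add_directional_block() {
    port_in=$1
    dport=$2
    bridge=$3
    "$IPT" -A FORWARD -i "$bridge" -m physdev --physdev-in "$port_in" \
        -p tcp --dport "$dport" -j LOG --log-prefix "bridge-block:"
    "$IPT" -A FORWARD -i "$bridge" -m physdev --physdev-in "$port_in" \
        -p tcp --dport "$dport" -j REJECT --reject-with icmp-port-unreachable
}

# show_forward_counters prints the FORWARD chain with packet counters and
# the in/out interface columns, which plain "iptables -L" hides. The in/out
# columns show br0 for bridged traffic; the physdev port is in the rule's
# match text, so use the pkts counter to confirm the rule is being hit.
show_forward_counters() {
    "$IPT" -nvL FORWARD
}

# Only install rules when APPLY=1; otherwise preview them with echo.
[ "${APPLY:-0}" = 1 ] || IPT=echo
add_directional_block "$INSIDE_PORT" "$BLOCKED_TCP_PORT" "$BRIDGE_DEV"
```

Run it once without `APPLY=1` to see the two rules it would add, then with `APPLY=1` as root on the bridge host. After a test connection from the eth1 side, `iptables -nvL FORWARD` should show a non-zero pkts counter on the LOG and REJECT rules, while the same connection from the eth0 side leaves the counters unchanged.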