Hi,

Physdev may no longer be supported soon; something to do with hooks and how this is difficult to support. I have stopped using it because I found some odd behavior in physdev-in; out seemed fine, I remember. I use ebtables and marks for this now.

On Thu, 2006-12-14 at 20:55 +0900, William Bohannan wrote:
> Currently using physdev on a bridge to try and isolate certain paths
> across and to the bridge. It all works except when trying to stop the
> flow in one direction on the FORWARD chain?? Can someone please help??
>
> Below is the testing done so far.
>
> eth1 <---> BRIDGE <---> eth0
>
> # Block (eth0 ---> eth1) - blocks both directions and not just one??
> iptables -A FORWARD -m physdev --physdev-out eth1 -p icmp -j DROP
>
> # Block (eth0 <--- eth1) - blocks both directions and not just one??
> iptables -A FORWARD -m physdev --physdev-out eth1 -p icmp -j DROP
>
> # Block (eth0 ---> BRIDGE) - working
> iptables -A INPUT -m physdev --physdev-in eth0 -p icmp -j DROP
>
> # Block (eth0 <--- BRIDGE) - working
> iptables -A OUTPUT -m physdev --physdev-out eth0 -p icmp -j DROP
>
> # Block (eth1 ---> BRIDGE) - working
> iptables -A INPUT -m physdev --physdev-in eth1 -p icmp -j DROP
>
> # Block (eth1 <--- BRIDGE) - working
> iptables -A OUTPUT -m physdev --physdev-out eth1 -p icmp -j DROP
>
>
> Kind Regards
> William
>
> _______________________________________________
> LARTC mailing list
> LARTC@xxxxxxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc