Here's what I have. The bridge is nothing special, it's not the gateway and it doesn't do NAT. It does do traffic shaping but turning that part on/off didn't seem to make a difference here.
I decided to start simple by blocking some (presumably) msblast traffic on port 135. From the HOWTOs I've been reading all rules on the bridge should be in chain FORWARD so I did:
iptables -F
iptables -X   # RH has some user-defined chains and I just dumped those
iptables -A FORWARD -p udp --dport 135 -j DROP
iptables -A FORWARD -p tcp --dport 135 -j DROP
Nothing ... traffic still gets through ... so I explicitly added the interface
iptables -A FORWARD -i br0 -p udp --dport 135 -j DROP
iptables -A FORWARD -i br0 -p tcp --dport 135 -j DROP   # same for tcp
Still nothing.
Next I tried filtering connection attempts to mysql from the outside world (something I want to do anyway) (IP address hidden to protect the innocent :) )
iptables -A FORWARD -d x.x.x.x/24 -p tcp --dport 3306 -j DROP
Tried to connect to mysql from the outside world. No luck, I can still get to it.
For grins I also tried the rules on INPUT and on OUTPUT with the same results. I tried enabling ip forwarding, which some of the HOWTOs I read said was an optional step, but that didn't make a difference either; that also seemed to apply only if I were using the machine as the gateway. A friend of mine even suggested using -t nat -A PREROUTING, which didn't make a lot of sense to me, but I tried it anyway, still with the same result.
I don't see any errors when I execute the commands and I can see all the rules in iptables -L, but they don't seem to do anything ... it's very perplexing, any ideas?
Thanks in advance,
Chris

--
Chris Brown
System Administrator / Web Application Developer
Wavetex Inc.
903-533-1700
http://wavetex.com/
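An added diagnostic script, not part of Chris's post: it checks the one thing a bridge-based iptables setup depends on, the bridge-netfilter hook (the bridge-nf-call-iptables sysctl) that passes bridged frames into the FORWARD chain, installs the post's rules in conventional option order, and reads the DROP counters so you can tell whether packets are reaching the chain at all. The bridge name br0, the network argument and the assumption that the kernel has bridge-netfilter at all are mine.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes a Linux kernel built
# with bridge-netfilter (CONFIG_BRIDGE_NETFILTER, module br_netfilter on
# newer kernels) and a bridge named br0. Without that hook, frames the
# bridge forwards never enter iptables' FORWARD chain, which matches the
# symptom in the post.

BRNF=/proc/sys/net/bridge/bridge-nf-call-iptables

# Exit status: 0 = bridged frames are handed to iptables, 1 = hook present
# but switched off, 2 = sysctl missing (no bridge-netfilter in this kernel).
# The path is a parameter so the check can be run against any file.
bridge_nf_state() {
    f="${1:-$BRNF}"
    [ -r "$f" ] || return 2
    [ "$(cat "$f")" = "1" ] || return 1
    return 0
}

# Sum the packet counters of DROP rules from `iptables -L FORWARD -v -n -x`
# output read on stdin. Zero hits while traffic still flows means the
# packets never reached the chain, so the rules themselves are not at fault.
forward_drop_hits() {
    awk '$3 == "DROP" { sum += $1 } END { print sum + 0 }'
}

# The post's rules in conventional option order: command first, then matches.
# $1 = the network whose mysql port must not be reachable through the bridge.
install_rules() {
    iptables -F FORWARD
    iptables -A FORWARD -i br0 -p udp --dport 135 -j DROP
    iptables -A FORWARD -i br0 -p tcp --dport 135 -j DROP
    iptables -A FORWARD -i br0 -d "$1" -p tcp --dport 3306 -j DROP
}

# Enable the hook if it is merely off, install the rules, then print how
# many packets the DROP rules have matched (run again after test traffic).
diagnose() {
    s=0; bridge_nf_state || s=$?
    case $s in
        2) echo "no $BRNF: this kernel has no bridge-netfilter hook" >&2; return 2 ;;
        1) echo 1 > "$BRNF" ;;
    esac
    install_rules "$1"
    iptables -L FORWARD -v -n -x | forward_drop_hits
}
```

Run `diagnose 192.0.2.0/24` (substitute your own network) as root; if it reports that the sysctl is missing, iptables cannot see bridged traffic on that kernel no matter which chain the rules go in.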