I have a bridge set up on a set of firewalls that I would like to do some custom filtering with. Here is the config:

eth0 -> WAN
eth1 -> heartbeat
eth2 -> DMZ
eth3 -> LAN

Most of the checks we do are from the DMZ to the LAN, but now we would like to filter out specific traffic between WAN and DMZ. We have some blanket global rules in place (only 80, 445, 25, etc.) in via the DMZ, but lately this isn't cutting it. Looking into the log, netfilter is seeing the physical device in and out. I found some table about the ipt_physdev module. I loaded the module and tried filtering on the physical device and received some errors:

    -A FORWARD -physin eth0 -j LOG --log-prefix "FW ETH0:"
    iptables-restore v1.2.11: unknown protocol `-physin' specified

I have also tried using --physdev-in as per the man iptables listing. How can I build a rule on this with netfilter using the basic rules? This is a RHEL 4 environment and we would rather not patch these machines with pom items. It seems like I'm missing something simple.
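The following is an added example (editor's illustration, not the poster's configuration): a small shell script that emits an iptables-restore ruleset for a bridging firewall and matches on the bridge port with the physdev match. The interface roles (eth0 WAN, eth2 DMZ, eth3 LAN) and the permitted ports (25, 80, 445) are taken from the question; the default-drop FORWARD policy, the log prefixes and the helper names are assumptions. The point it demonstrates is syntactic: `--physdev-in` and `--physdev-out` are options of the physdev match module, so a rule has to load that module with `-m physdev` before the options appear, and they take two dashes. With a single dash, iptables reads `-physin` as `-p hysin`, which is exactly the "unknown protocol" message shown above.

```shell
#!/bin/sh
# Added example, not the original poster's ruleset.  Generates an
# iptables-restore "filter" table for a bridge whose ports are the poster's
# eth0 (WAN), eth2 (DMZ) and eth3 (LAN).  Policies and prefixes are assumed.
#
# On 2.6 kernels bridged frames only reach iptables when
# /proc/sys/net/bridge/bridge-nf-call-iptables is 1 (check it if the LOG
# rules stay silent); the poster's logs already show PHYSIN/PHYSOUT, so it
# is on in their case.

# physdev_rule CHAIN IN_PORT OUT_PORT TARGET [extra match args...]
# Prints one rule line.  Use "-" for IN_PORT or OUT_PORT to omit that test.
# The physdev module is always loaded with "-m physdev" before its options,
# which is the part the question's rule was missing.
physdev_rule() {
    _chain=$1; _pin=$2; _pout=$3; _target=$4; shift 4
    _rule="-A $_chain -m physdev"
    [ "$_pin" != "-" ]  && _rule="$_rule --physdev-in $_pin"
    [ "$_pout" != "-" ] && _rule="$_rule --physdev-out $_pout"
    [ $# -gt 0 ]        && _rule="$_rule $*"
    printf '%s -j %s\n' "$_rule" "$_target"
}

# build_ruleset: print a complete filter table suitable for
#   build_ruleset | iptables-restore
build_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
EOF
    # Replies to connections the firewall already accepted come back first.
    echo '-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'

    # WAN -> DMZ: only the permitted services, matched on the bridge ports.
    for _port in 25 80 445; do
        physdev_rule FORWARD eth0 eth2 ACCEPT -p tcp --dport "$_port"
    done

    # Everything else entering on the WAN port is logged, then dropped.
    # (The LOG target does not terminate, so the DROP rule must follow it.)
    physdev_rule FORWARD eth0 - LOG --log-prefix '"FW ETH0: "'
    physdev_rule FORWARD eth0 - DROP

    # DMZ -> LAN traffic: log it so the existing checks can be reviewed.
    physdev_rule FORWARD eth2 eth3 LOG --log-prefix '"FW DMZ-LAN: "'

    echo COMMIT
}

# When run directly, print the ruleset so it can be inspected or piped to
# iptables-restore.
case "$0" in
    *physdev*) build_ruleset ;;
esac
```

Running `build_ruleset | iptables-restore -t` (the `-t`/`--test` flag) on an iptables that supports it checks the syntax without loading the rules; on the 1.2.x version in the question, pipe it to `iptables-restore` on a test box first. Matching on `--physdev-out` in FORWARD is fine for bridged traffic, but rules that must also catch routed traffic should match on `-i`/`-o` instead.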