Re: Identify traffic coming from which bridge

First of all, thank you for your suggestion.

I did what you suggested; it does not seem to work.

But perhaps I need to clarify:

1. The iptables/ipset are to be carried out on the server,
    is that right?
2. The MAC addresses of the bridge - I am testing using
    a Linux bridge; are you referring to the br0, eth0 or eth1
    MAC address?

In any case, when I tested, it seems to only identify the bridge itself connecting to the server. Anything from the clients is not picked up by the iptables/ipset rules.


----- Original Message -----
From: kay <kay.diam@xxxxxxxxx>
To: netfilter@xxxxxxxxxxxxxxx
Cc: 
Sent: Saturday, July 28, 2012 10:58 AM
Subject: Re: Identify traffic coming from which bridge

Dear Master Yoda =)

You can try to use "--mac-source" match in iptables, combine iptables
with ipset and get the following rules:

ipset create bridge_a_clients hash:ip
ipset create bridge_b_clients hash:ip

iptables -t raw -A PREROUTING -m mac --mac-source "BRIDGE_A_MAC" -j SET --add-set bridge_a_clients src
iptables -t raw -A PREROUTING -m mac --mac-source "BRIDGE_B_MAC" -j SET --add-set bridge_b_clients src

To view bridge_a_clients use:
ipset list bridge_a_clients

To view bridge_b_clients use:
ipset list bridge_b_clients

This is not an optimal solution, but it should help you.

Regards!

2012/7/26 Ming-Ching Tiew <mctiew@xxxxxxxxx>:
> When a client X is connected to the server, is there a way for the server to
> know client X is connected via which bridge ?
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
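
An added example, not part of either message in this thread: to check which Ethernet source address the server actually sees for each client (the value "--mac-source" compares against), the sketch below reads kernel LOG-target lines and groups source IPs by frame source MAC. The log lines, the BR-TRACE prefix and every address are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of LOG-target lines, as a rule ending in
# "-j LOG --log-prefix 'BR-TRACE '" would write them (addresses are made up).
# On Ethernet the MAC= field is the 14-byte header: dst(6):src(6):ethertype(2).
sample_log() {
cat <<'EOF'
Jul 28 11:02:01 server kernel: BR-TRACE IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:0a:01:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=40112 DPT=22
Jul 28 11:02:02 server kernel: BR-TRACE IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:0a:01:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=52 PROTO=TCP SPT=40112 DPT=22
Jul 28 11:02:05 server kernel: BR-TRACE IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:0b:02:08:00 SRC=192.0.2.20 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=51544 DPT=80
Jul 28 11:02:09 server kernel: BR-TRACE IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:0c:03:08:00 SRC=192.0.2.30 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=33870 DPT=80
Jul 28 11:02:11 server kernel: BR-TRACE IN=tun0 OUT= MAC= SRC=198.51.100.5 DST=192.0.2.1 LEN=84 PROTO=ICMP TYPE=8 CODE=0
EOF
}

# Read log lines on stdin; print unique "source_mac source_ip" pairs, sorted.
mac_ip_pairs() {
  awk '{
    mac = ""; ip = ""
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^MAC=/) mac = substr($i, 5)
      else if ($i ~ /^SRC=/) ip = substr($i, 5)
    }
    n = split(mac, o, ":")
    # Skip lines with no full Ethernet header (e.g. tun devices log "MAC=").
    if (n != 14 || ip == "") next
    # Octets 7..12 are the source MAC, the address the mac match tests.
    print o[7] ":" o[8] ":" o[9] ":" o[10] ":" o[11] ":" o[12], ip
  }' | sort -u
}

# Read log lines on stdin; print the IPs seen with frame source MAC $1.
ips_for_mac() {
  mac_ip_pairs | awk -v m="$1" '$1 == m { print $2 }'
}
```

Run it as `sample_log | mac_ip_pairs`, or pipe real log lines into `mac_ip_pairs` in place of the sample.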
