Hi Pascal,

Your suggestion has worked.

$iptables -t filter -I FORWARD -m physdev --physdev-in eth2 -j DROP
(works, i.e., drops the incoming packets)

$iptables -t filter -D FORWARD -m physdev --physdev-in eth2 -j DROP
(undo / del the previous rule .. allows incoming packets)

Could you please guide me on how to send the (DROP) message via setting the socket options (programmatically), i.e., in filling up the ipt_replace/xt_entry_match/xt_entry_target data structure? Could you please point me to any simple example of the "physdev" match case?

Thanks a lot,
Suman.

On Mon, Jul 25, 2016 at 9:07 PM, Pascal Hambourg <pascal@xxxxxxxxxxxxxxx> wrote:
> On 25/07/2016 at 12:37, namus wrote:
>>
>> Hi Team,
>>
>> My device contains 2 ethernet interfaces (eth1 and eth2) added to
>> bridge interface (br0).
>> I am trying to DROP all the packets to eth1 interface based on some
>> user-condition.
>
> (...)
>>
>> Following commands do not work:
>>
>> iptables -t filter -I INPUT -i eth2 -j DROP (doesn't drop any packets
>> - checked via tcpdump of eth2)
>
>
> Check the "physdev" match.
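Added example, not part of the original thread and not code from the iptables project: one way to lay out the rule from the working command above (`-m physdev --physdev-in eth2 -j DROP`) as the binary entry the kernel expects, using the structures named in the question. The function name `build_physdev_drop` and the buffer handling are assumptions made for this sketch; the block only builds and sizes the entry and does not touch the running ruleset.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter/xt_physdev.h>

/* The match and target blobs that follow struct ipt_entry, padded with XT_ALIGN. */
#define MATCH_SIZE  (XT_ALIGN(sizeof(struct xt_entry_match)) + \
                     XT_ALIGN(sizeof(struct xt_physdev_info)))
#define TARGET_SIZE XT_ALIGN(sizeof(struct xt_standard_target))

/* Build "-m physdev --physdev-in <ifname> -j DROP" in buf (8-byte aligned).
 * Returns the entry size, or 0 if the name or the buffer is unusable. */
size_t build_physdev_drop(const char *ifname, void *buf, size_t buflen)
{
    size_t total = sizeof(struct ipt_entry) + MATCH_SIZE + TARGET_SIZE;
    size_t len = strlen(ifname);

    if (len == 0 || len >= IFNAMSIZ || buflen < total)
        return 0;
    memset(buf, 0, total);

    /* struct ipt_ip stays zeroed: no IP-level condition, as in the CLI rule. */
    struct ipt_entry *e = buf;
    e->target_offset = sizeof(struct ipt_entry) + MATCH_SIZE;
    e->next_offset = total;

    struct xt_entry_match *m = (struct xt_entry_match *)e->elems;
    m->u.user.match_size = MATCH_SIZE;
    strcpy(m->u.user.name, "physdev");

    struct xt_physdev_info *info = (struct xt_physdev_info *)m->data;
    memcpy(info->physindev, ifname, len);
    memset(info->in_mask, 0xFF, len + 1);   /* exact name match, NUL included */
    info->bitmask = XT_PHYSDEV_OP_IN;       /* only --physdev-in is set */

    struct xt_standard_target *t = (void *)((char *)buf + e->target_offset);
    t->target.u.user.target_size = TARGET_SIZE;
    strcpy(t->target.u.user.name, XT_STANDARD_TARGET);
    t->verdict = -NF_DROP - 1;              /* standard-target encoding of DROP */
    return total;
}

int main(void)
{
    unsigned long long storage[64] = {0};   /* aligned scratch buffer */
    printf("entry size: %zu\n", build_physdev_drop("eth2", storage, sizeof(storage)));
    return 0;
}
```

Installing the entry is a separate step: IPT_SO_SET_REPLACE swaps the whole filter table, so the entry has to be spliced into a copy of the current table first, which is what libiptc's iptc_init / iptc_insert_entry / iptc_commit do.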