You -might- need to fiddle with the nf-call-iptables sysctls for those firewall rules to work. I haven't personally tried this for a wifi adapter in infrastructure mode (only wired bridges) but it might help/apply to your setup.

See https://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf for some info.

R's,
Alex

On Mon, Jun 15, 2020, 11:38 PM Hooman <mailinglister.hooman@xxxxxxxxx> wrote:

>
> Hi,
>
> I am using WiFi hotspot feature of Ubuntu 18.04 to create a hotspot for
> my devices. I need to prevent different devices on the network from
> contacting each other.
>
> More specifically, I have two phones on the network, I would like them
> not to be able to send any packets to each other. Right now if phone 1
> is using IP address 10.42.0.172 and phone 2 is using 10.42.0.59, I can
> use phone 1 to ping 10.42.0.59.
>
> I would like to disable connections between different hosts on the
> network created by the hotspot.
>
> I tried using iptables to drop local traffic. However, it seems like the
> iptables don't have any effect on these packets.
>
> I do see local packets on wireshark though. I'm wondering if local
> packets are forwarded directly without hitting the iptable rules.
>
> Is it possible to use iptables or ebtables to filter these packets? Is
> there any other solution to this?
>
> Thank you
>