
iptables with a linux bridge



 
Hi,
 
I've installed a Linux bridge with a 2.4.14 kernel and the bridge-utils packages:
 
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig eth0 0.0.0.0
ifconfig eth1 0.0.0.0
ifconfig br0 62.4.8.2 netmask 255.255.255.0 broadcast 62.4.8.255
 
That works correctly, but now I would like to create some filtering rules. I tried with iptables and it doesn't work.
For example, just dropping ICMP:
 
iptables -F INPUT
iptables -P INPUT ACCEPT
iptables -F OUTPUT
iptables -P OUTPUT ACCEPT
iptables -F FORWARD
iptables -P FORWARD ACCEPT
iptables -A FORWARD -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
iptables -A INPUT -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
iptables -A OUTPUT -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
iptables -t mangle -A PREROUTING -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
iptables -t mangle -A OUTPUT -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
iptables -t nat -A POSTROUTING -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
iptables -t nat -A PREROUTING -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
iptables -t nat -A OUTPUT -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
iptables -N br0
iptables -A br0 -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
iptables -A br0 -d 62.4.8.73 -s 0/0 -p ICMP -j DROP -i br0
iptables -A FORWARD -d 62.4.8.73 -s 0/0 -p ICMP -j DROP -i br0
iptables -A INPUT -d 62.4.8.73 -s 0/0 -p ICMP -j DROP -i br0
 
and I can ping without a problem. I have tried all these rules because I don't understand the problem; normally I don't have NAT on this network.
 
So if someone can give me a solution or some information
 
thx
 
Francois
 
 
-----------------------
François Bayart
francois@avence.com
+33 1 49 27 98 30
+33 6 87 84 18 82
