
Re: iptables with a linux bridge




On Wed, 28 Nov 2001, François Bayart wrote:

> 
> Hi,
> 
> I've installed a linux bridge with 2.4.14 kernel and the bridge-utils packages
> 
> brctl addbr br0
> brctl addif br0 eth0
> brctl addif br0 eth1
> ifconfig eth0 0.0.0.0
> ifconfig eth1 0.0.0.0
> ifconfig br0 62.4.8.2 netmask 255.255.255.0 broadcast 62.4.8.255
> 
> That works correctly, but now I would like to create some filtering rules; I tried with iptables and it doesn't work.
> e.g., just drop the ICMP:
> 
> iptables -F INPUT
> iptables -P INPUT ACCEPT
> iptables -F OUTPUT
> iptables -P OUTPUT ACCEPT
> iptables -F FORWARD
> iptables -P FORWARD ACCEPT

As I seem to remember, you have to set the default policy to DENY; at
least you had to when doing masquerading under 2.2 and ipchains.

> iptables -A FORWARD -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
> iptables -A INPUT -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
> iptables -A OUTPUT -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
> iptables -t mangle -A PREROUTING -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
> iptables -t mangle -A OUTPUT -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
> iptables -t nat -A POSTROUTING -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
> iptables -t nat -A PREROUTING -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
> iptables -t nat -A OUTPUT -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
> iptables -N br0
> iptables -A br0 -d 62.4.8.73 -s 0/0 -p ICMP -j DROP
> iptables -A br0 -d 62.4.8.73 -s 0/0 -p ICMP -j DROP -i br0
> iptables -A FORWARD -d 62.4.8.73 -s 0/0 -p ICMP -j DROP -i br0
> iptables -A INPUT -d 62.4.8.73 -s 0/0 -p ICMP -j DROP -i br0
> 
> and I can ping without problem. I have tried all rules because I don't understand the problem; normally I don't have NAT in this network.
> 
> So if someone can give me a solution or information
> 
> thx
> 
> Francois
> 
> 
> -----------------------
> François Bayart
> francois@avence.com
> +33 1 49 27 98 30
> +33 6 87 84 18 82
> 
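An added worked example (editor's code, not from either poster): the bridge setup from the original message combined with the default-deny policy the reply suggests, reduced to one ordered FORWARD rule set instead of rules scattered over every table and chain. It assumes the same `brctl`/`iptables`/`ifconfig` tools and reuses the addresses from the thread (62.4.8.2/24 for the bridge, 62.4.8.73 as the host to protect). The `DRY_RUN` wrapper and the `rule_count` helper are assumptions of this example so the rule set can be reviewed without root. The `show_counters` step is the check a practitioner wants here: on a 2.4 kernel of that era, bridged frames only pass through the iptables chains when the bridge-netfilter patch is present (ebtables is the native bridge-layer filter), so per-rule packet counters that stay at zero after a ping mean the frames never reached iptables at all, not that the rule is written wrong.

```shell
#!/bin/sh
# Added example (not from the original thread). Addresses 62.4.8.2/24 and
# 62.4.8.73 come from the original message. With DRY_RUN=1 (the default here)
# every command is printed instead of executed, so the rule set can be reviewed
# on any machine; run with DRY_RUN=0 as root on the bridge to apply it.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Bridge setup exactly as in the original message.
setup_bridge() {
    run brctl addbr br0
    run brctl addif br0 eth0
    run brctl addif br0 eth1
    run ifconfig eth0 0.0.0.0
    run ifconfig eth1 0.0.0.0
    run ifconfig br0 62.4.8.2 netmask 255.255.255.0 broadcast 62.4.8.255
}

# Default-deny FORWARD policy (the reply's suggestion), then one explicit drop
# for ICMP to the protected host and one explicit accept for all other frames
# bridged between the two ports. Order matters: the drop must precede the accept.
filter_rules() {
    run iptables -F FORWARD
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -p icmp -d 62.4.8.73 -j DROP
    run iptables -A FORWARD -i br0 -o br0 -j ACCEPT
}

# Check: per-rule packet/byte counters. Ping 62.4.8.73 through the bridge, then
# look here. Counters that stay at zero mean bridged frames are not traversing
# the FORWARD chain at all (no bridge-netfilter on this kernel), so no iptables
# rule in any table can match them.
show_counters() {
    run iptables -L FORWARD -v -n
}

# Number of -A rules in the generated set (assumed helper, used for review).
rule_count() {
    filter_rules | grep -c '^iptables -A '
}

setup_bridge
filter_rules
show_counters
```

Keeping INPUT and OUTPUT at their ACCEPT policy, as the original does, leaves management traffic to the bridge's own address 62.4.8.2 unaffected; only frames forwarded between eth0 and eth1 fall under the default deny.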


