From 225f15f9e17a7628dbb9b68182d2d0fdbfed507e Mon Sep 17 00:00:00 2001
From: Matthias Schiffer
Date: Mon, 30 Sep 2013 17:38:04 +0200
Subject: [PATCH] gluon-next-node: add ebtables to filter IP packets with the next-node address
---
 .../generate/lib/gluon/ebtables/250-next-node | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/package/gluon-next-node/generate/lib/gluon/ebtables/250-next-node b/package/gluon-next-node/generate/lib/gluon/ebtables/250-next-node
index 3c4cb49f..f6fa7d1a 100644
--- a/package/gluon-next-node/generate/lib/gluon/ebtables/250-next-node
+++ b/package/gluon-next-node/generate/lib/gluon/ebtables/250-next-node
@@ -2,3 +2,13 @@ rule FORWARD --logical-out br-freifunk -o bat0 -d @next_node.mac@ -j DROP
 rule OUTPUT --logical-out br-freifunk -o bat0 -d @next_node.mac@ -j DROP
 rule FORWARD --logical-out br-freifunk -o bat0 -s @next_node.mac@ -j DROP
 rule OUTPUT --logical-out br-freifunk -o bat0 -s @next_node.mac@ -j DROP
+
+rule FORWARD --logical-out br-freifunk -o bat0 -p IPv4 --ip-destination @next_node.ip4@ -j DROP
+rule OUTPUT --logical-out br-freifunk -o bat0 -p IPv4 --ip-destination @next_node.ip4@ -j DROP
+rule FORWARD --logical-out br-freifunk -o bat0 -p IPv4 --ip-source @next_node.ip4@ -j DROP
+rule OUTPUT --logical-out br-freifunk -o bat0 -p IPv4 --ip-source @next_node.ip4@ -j DROP
+
+rule FORWARD --logical-out br-freifunk -o bat0 -p IPv6 --ip6-destination @next_node.ip6@ -j DROP
+rule OUTPUT --logical-out br-freifunk -o bat0 -p IPv6 --ip6-destination @next_node.ip6@ -j DROP
+rule FORWARD --logical-out br-freifunk -o bat0 -p IPv6 --ip6-source @next_node.ip6@ -j DROP
+rule OUTPUT --logical-out br-freifunk -o bat0 -p IPv6 --ip6-source @next_node.ip6@ -j DROP
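Review bot: All eight added rules match only `--logical-out br-freifunk -o bat0`, so they keep local frames carrying the next-node address from leaving toward the mesh but do nothing for frames arriving from bat0. A mesh peer that lacks these filters, or that forges the address, could still deliver packets with `@next_node.ip4@` or `@next_node.ip6@` as source to local clients. Unless another rule file already covers ingress, consider mirroring the set, e.g. `rule FORWARD --logical-in br-freifunk -i bat0 -p IPv4 --ip-source @next_node.ip4@ -j DROP`, plus the INPUT and IPv6 counterparts. Separately, `-p IPv4` does not match ARP, so broadcast ARP requests for the next-node address pass both these rules and the MAC rules above; `rule FORWARD --logical-out br-freifunk -o bat0 -p ARP --arp-ip-dst @next_node.ip4@ -j DROP` would close that gap. IPv6 neighbour solicitations likely escape the same way, since they go to a solicited-node multicast destination.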