gluon-next-node: add ebtables to filter IP packets with the next-node address

This commit is contained in:
Matthias Schiffer 2013-09-30 17:38:04 +02:00
parent 18f0fc6366
commit 225f15f9e1

View File

@ -2,3 +2,13 @@ rule FORWARD --logical-out br-freifunk -o bat0 -d @next_node.mac@ -j DROP
rule OUTPUT --logical-out br-freifunk -o bat0 -d @next_node.mac@ -j DROP
rule FORWARD --logical-out br-freifunk -o bat0 -s @next_node.mac@ -j DROP
rule OUTPUT --logical-out br-freifunk -o bat0 -s @next_node.mac@ -j DROP
rule FORWARD --logical-out br-freifunk -o bat0 -p IPv4 --ip-destination @next_node.ip4@ -j DROP
rule OUTPUT --logical-out br-freifunk -o bat0 -p IPv4 --ip-destination @next_node.ip4@ -j DROP
rule FORWARD --logical-out br-freifunk -o bat0 -p IPv4 --ip-source @next_node.ip4@ -j DROP
rule OUTPUT --logical-out br-freifunk -o bat0 -p IPv4 --ip-source @next_node.ip4@ -j DROP
rule FORWARD --logical-out br-freifunk -o bat0 -p IPv6 --ip6-destination @next_node.ip6@ -j DROP
rule OUTPUT --logical-out br-freifunk -o bat0 -p IPv6 --ip6-destination @next_node.ip6@ -j DROP
rule FORWARD --logical-out br-freifunk -o bat0 -p IPv6 --ip6-source @next_node.ip6@ -j DROP
rule OUTPUT --logical-out br-freifunk -o bat0 -p IPv6 --ip6-source @next_node.ip6@ -j DROP