Bridge eth0 and eth1 - how to limit access

Hello
/etc/config/network

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option dns '192.168.100.1'
	option ipaddr '192.168.100.200'
	option gateway '192.168.100.1'
	option ifname 'eth0 eth1'

How to restrict connections from devices connected to eth0 to some devices connected to eth1?

I want to block connections from devices connected to eth0 to devices connected to eth1, with some exceptions.

Any device connected to eth0 can't have access to 192.168.100.201:80 (eth1).

Is it possible via iptables or firewall?

It is not possible when interfaces are bridged. If you "unbridge" them and set up forwarding between them, you can set up any rules you like.

1 Like

It is possible (with kmod-br-netfilter) to send the traffic between interfaces in a bridge to iptables. See this thread.

3 Likes
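
The approach from the reply above, as an added example that is not part of the thread: with br_netfilter loaded, bridged frames traverse the iptables FORWARD chain, where the physdev match can select them by ingress bridge port. It assumes kmod-br-netfilter and the iptables physdev match are installed; the `emit_rules` helper, the `APPLY` and `EXCEPTIONS` variables and the exception address used in testing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the commands by default;
# run as root with APPLY=1 to execute them.
# EXCEPTIONS (hypothetical variable): space-separated source IPs that may
# still reach the protected service.

IN_PORT="eth0"               # bridge port the restricted devices sit behind
SERVER_IP="192.168.100.201"  # host on eth1 named in the question
SERVER_PORT="80"

# Match only frames that are being bridged and entered via IN_PORT.
MATCH="-m physdev --physdev-is-bridged --physdev-in $IN_PORT"

# Print the commands; arguments are the allowed source addresses.
emit_rules() {
    # Refuse anything that is not a plain IPv4 address or CIDR, because the
    # output may be piped to a shell.
    for src in "$@"; do
        case "$src" in
            ''|*[!0-9./]*) echo "invalid source address: $src" >&2; return 1 ;;
        esac
    done

    # Hand bridged IPv4 traffic to iptables (needs br_netfilter loaded).
    echo "sysctl -w net.bridge.bridge-nf-call-iptables=1"

    # Insert the DROP first; each ACCEPT is then inserted above it, so the
    # exceptions are evaluated before the block.
    echo "iptables -I FORWARD 1 $MATCH -d $SERVER_IP -p tcp --dport $SERVER_PORT -j DROP"
    for src in "$@"; do
        echo "iptables -I FORWARD 1 $MATCH -s $src -d $SERVER_IP -p tcp --dport $SERVER_PORT -j ACCEPT"
    done
}

# Word splitting of EXCEPTIONS is intentional here.
if [ "${APPLY:-0}" = "1" ]; then
    rules=$(emit_rules ${EXCEPTIONS:-}) && printf '%s\n' "$rules" | sh
else
    emit_rules ${EXCEPTIONS:-}
fi
```

Rules inserted this way are lost when the firewall is reloaded, so they have to be reapplied from whatever hook the firewall setup provides.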

The downside is that this approach does not work with a DSA switch...
