Bridge filtering rules. explain how realistic it is to block packets between devices on the same network

I'm confused. using OpenWrt 23.05.3
installed kmod-nft-bridge. tried to write rules, but got nothing. read similar topics, someone said that the bridge can only be filtered between interfaces. tried blocking pings between the phone and a PC on the same network, but nothing worked. only was able to close the ping from the PC to the router in the bridge table.Is it generally possible to block certain ports or IP devices from each other on the same network? without vlans and isolation. just a rule blocking packets on port 445 between the phone and the PC, without a firewall on the PC

5 edits later just holding my popcorn waiting on what transmutes next.


No. Packets between nodes on the same network are switched, not routed. The router is not involved when your phone and PC ping each other, so the rules don't work. If you need isolation between them, then they need to be on different networks (which can be physical or virtual e.g. VLANs). Then you can put the OpenWrt router between the different networks to mediate and enforce whatever network policy you want.


This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.