Ebtables port isolation

Hi!

So I'm trying something new but I wonder if this makes sense to do.

I read you can use ebtables to isolate clients from each other on the same bridge, so I searched through some of the documentation for ebtables and came up with these rules:

# block telnet port 23 from each client on the same subnet
ebtables -A FORWARD --logical-in br-zigbee --proto ipv4 --ip-proto tcp --ip-destination-port 23 -j DROP

# block telnet port 2323 from each client on the same subnet
ebtables -A FORWARD --logical-in br-zigbee --proto ipv4 --ip-proto tcp --ip-destination-port 2323 -j DROP

# block ssh port 22 from each client on the same subnet
ebtables -A FORWARD --logical-in br-zigbee --proto ipv4 --ip-proto tcp --ip-destination-port 22 -j DROP

But I wonder, would it make sense to do this? What I'm trying to accomplish is isolating vulnerable ports in client-to-client communication on the same subnet, but without full isolation, only these few ports.

It came to my attention that some smart devices come with open telnet and bad passwords, so I thought of blocking internal communication. To clarify, one part also goes over wireless; it's semi cable/wireless.
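
The rules from the post, built from one port list into a dedicated chain, as an added example that is not part of the original post. It goes slightly beyond the post by also matching IPv6 TCP, which the `--proto ipv4` rules do not cover; the chain name CLIENT_ISO and the EBT dry-run switch are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Bridge name and ports are the
# post's; the chain name CLIENT_ISO and the EBT switch are assumptions.
BRIDGE="br-zigbee"
CHAIN="CLIENT_ISO"
PORTS="22 23 2323"

# Dry run by default: commands are only printed.
# Run with EBT=ebtables (as root) to install them.
EBT="${EBT:-echo ebtables}"

build_rules() {
    # Dedicated chain; policy RETURN hands unmatched frames back to FORWARD.
    $EBT -N "$CHAIN"
    $EBT -P "$CHAIN" RETURN

    for port in $PORTS; do
        # IPv4 TCP to the port, the same match as the post's rules.
        $EBT -A "$CHAIN" -p IPv4 --ip-protocol tcp \
            --ip-destination-port "$port" -j DROP
        # IPv6 TCP to the port: an IPv4-only match never sees these frames.
        $EBT -A "$CHAIN" -p IPv6 --ip6-protocol tcp \
            --ip6-destination-port "$port" -j DROP
    done

    # Only frames forwarded by this bridge are sent through the chain.
    $EBT -A FORWARD --logical-in "$BRIDGE" -j "$CHAIN"
}

build_rules
```

The jump is added last so the chain is fully populated before any bridged frame reaches it.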