Correct me if I'm wrong, but isn't the iptables physdev module specifically designed to work with bridged traffic/bridged interfaces?
http://ipset.netfilter.org/iptables-extensions.man.html#lbBQ